Providence School Officials Quiet on Data Breach Details
School board president Erin Rogel described the executive session as 鈥渞egarding the recent breach of the district鈥檚 network.鈥
Get stories like these delivered straight to your inbox. Sign up for 麻豆精品 Newsletter
The Providence School Board typically broadcasts its meetings to .
But Wednesday evening鈥檚 board meeting would not be televised.
Less than five minutes before the scheduled start time, school board President Erlin Rogel to express his regret that a weeklong internet outage at Providence schools would also affect the board鈥檚 regularly scheduled programming. But the portion of the meeting most germane to the network issues wouldn鈥檛 have been broadcast anyway, since it met in executive session.
In a statement issued Thursday, Rogel described the executive session as 鈥渞egarding the recent breach of the district鈥檚 network.鈥 It included a presentation from the Rhode Island Department of Education (RIDE) and the Providence Public School Department (PPSD).
鈥淲hile I cannot disclose the specific contents of our discussion, I can state that the district is awaiting an analysis of this breach to learn more about its severity and the degree to which any information was exposed,鈥 Rogel wrote. 鈥淲hile we await the results of that analysis, PPSD continues to mobilize every resource available to ensure that learning proceeds with as little disruption as possible.鈥
Rogel did not respond to multiple requests for comment from Rhode Island Current.
The school board president鈥檚 use of the term 鈥渂reach鈥 differs from the district鈥檚 official language, which has tiptoed around the problem鈥檚 exact nature. A to the PPSD community described 鈥渋rregular activity鈥 on the district network, which ultimately led IT staff to shut down internet access across district offices and schools. Internet remains largely absent in Providence schools, aside from a fleet of enlisted to provide connectivity in the main network鈥檚 absence.
A sent from PPSD to community members said a forensic analysis was still ongoing and that 鈥渢here is no evidence that PPSD data has been affected.鈥
But on Monday, for the 鈥渋rregular activity鈥 with a post to its publicly accessible ransom blog that purported to include 41 watermarked, sometimes partially obscured, screenshots that preview the contents of the 201 gigabytes of data the hackers claim to have stolen, with identifying information 鈥 like alleged serial numbers for employee cell phones and parents鈥 contact information 鈥 included.
After penetrating a system, Medusa ransomware and amasses exploitable data. Once the bounty is big enough, it will encrypt files and make them inaccessible to users. A ransom note is then delivered to victims, with files held hostage unless a ransom is paid. Medusa hackers also employ a 鈥溾 method, meaning they not only steal files, but will sell or release the data publicly if payment is not received.
The ransom page suggests PPSD can recover or delete its data by paying $1 million. A $100,000 payment would extend the timer by one day. The deadline is the morning of Sept. 25, according to the hackers鈥 countdown timer.
Specifics about district kept secure
Jay G. W茅gimont, PPSD spokesperson, did not respond to numerous requests for clarification or comment on Friday.
Forensic analyses , meaning those answers won鈥檛 be available immediately. But it鈥檚 still unknown whether the school department has a cyber insurance policy, or the possible costs associated with the usage of hotspots that are currently substituting for a dedicated network. Also up in the air is whether the district successfully awarded a 2024 contract that would for copies of security software Cortex XDR Pro, a product from Palo Alto Networks that promises with proper installation.
W茅gimont did not provide information as to the status of the district鈥檚 senior director of information technology, for which a has been online since May. The role is also vacant according to a Jan. 2024 . The contains 13 full-time information services roles for PPSD, down three from the previous year.
鈥淲e also want to note that our student and staff information systems are also separate from our network,鈥 Superintendent Javier Monta帽ez wrote in a Sept. 16 letter to the PPSD community.
W茅gimont did not clarify what this means. Typically, large networks called domains offer varying levels of access for different types of users across IT services for big organizations like school districts.
Back-to-school for threat actors, too
Perennially underfunded school districts nationwide are a favorite among ransomware actors. A report published in Oct. 2022 cited research that over 647,000 K-12 students were potential victims of ransomware attacks as of 2021. Resulting learning loss ranged from days to weeks, while it took districts鈥 infrastructure anywhere from two to nine months to recover.
Providence officials have not confirmed ransomware as the source of their network woes. The alleged hack comes at an inopportune time for PPSD, which has been under state control since 2019 and will remain so for , state education officials announced last month.
If Medusa leaks the PPSD data it claims to have, and it contains private student information, the leakage could be in, a federal law meant to shield confidential student data. Best practices determine that affected school districts contact authorities once a breach is suspected. (Schools do not, however, have to contact the U.S. Department of Education about ransomware, although it is so they can receive federal resources.)
鈥淎s is standard operating procedure, the District and their professional third-party IT agency contacted RI State Police, Federal Bureau of Investigation (FBI), and Department of Homeland Security (DHS) last Wednesday,鈥 W茅gimont said in a Sept. 18 email.
Kristen Setera, a spokesperson for the FBI Boston Division, declined to comment.
鈥淕enerally speaking, we do not comment on specific incidents because victims should feel confident that, when reporting a crime to the FBI, their status as 鈥榲ictim鈥 is paramount to the investigation and that their identity will not be disclosed,鈥 Setera said in a Thursday morning email to Rhode Island Current. 鈥淚f a victim wants to disclose our involvement, we leave it up to them to do so.鈥
In the meantime, Providence schools have made do with older technologies. Maribeth Calabro, president of the Providence Teachers Union, did not acknowledge requests for comment from Rhode Island Current, but did previously speak with multiple news outlets about the effects on the district鈥檚 teachers. Some are confused about which devices they can or can鈥檛 use, Calabro told the , and have opted to teach the old-school way instead, without computers.
A Tuesday on a social media post about the potential Providence hack seems to voice one student鈥檚 concern: 鈥淏ro.. I just want the school wifi back.鈥
is part of States Newsroom, a nonprofit news network supported by grants and a coalition of donors as a 501c(3) public charity. Rhode Island Current maintains editorial independence. Contact Editor Janine L. Weisman for questions: info@rhodeislandcurrent.com. Follow Rhode Island Current on and .
Get stories like these delivered straight to your inbox. Sign up for 麻豆精品 Newsletter