Thousands of US students have had their addresses and other private details leaked online after school district officials failed to meet a hacker’s ransom demand.
The mass doxxing took place in Clark County, Nevada, exposing the names, addresses, grades, social security numbers and some financial information of the victims.
The hacking attack, which also disclosed employees’ personal information, took place during the first week of online classes since returning from summer break.
It took the form of a ransomware attack, in which hackers illegally gain access to an organisation’s computer system and encrypt the files so that they can no longer be accessed without a password. The attackers then demand payment in exchange for the password needed to take back control of the encrypted system.
Nearly three weeks after the attack was first reported, cyber security specialist Brett Callow discovered documents containing the school’s records in an online hacking forum – suggesting the ransom was not met – according to The Wall Street Journal.
The Clark County School District (CCSD) did not immediately respond to a request for comment, but previously said it was working with forensic investigators.
“CCSD is working diligently to determine the full nature and scope of the incident and is cooperating with law enforcement,” a spokesperson said.
“As the investigation continues, CCSD will be individually notifying affected individuals. CCSD values openness and transparency and will keep parents, employees, and the public informed as new, verified information becomes available.”
Ransomware attacks have become increasingly common in recent years, facilitated by the rise of cryptocurrencies that offer an efficient way to anonymously receive ransoms.
More than 40 per cent of all cyber insurance claims in the first half of 2020 were ransomware-related, according to leading insurance firm Coalition, with claims ranging from $1,000 (£778) to $2m (£1.56m.)
The cost of such attacks is not always just financial, however.
A ransomware attack on Dusseldorf University Clinic earlier this month locked computer systems and forced ambulance drivers to divert to other health facilities.
One woman in a critical condition subsequently died as a result of delays to her treatment. The hackers later withdrew the extortion attempt.