FBI Investigating Hack Attack on Grossmont Union High School District

The FBI is investigating a hacking incident that targeted the Grossmont Union High School District and led to the posting of names, accounts and passwords of 1,100 district employees, the district says.

Catherine Martin, district spokeswoman, said Monday that no damage was done in the June 24 attack, a Friday.

“The perpetrators stole and published publicly available data (directory information) and associated user-names, passwords and employee ID [numbers],” Martin said.

First reported by Doug Kolk of KFMB-TV, Channel 8, the incident wasn’t as dangerous as originally depicted, according to Scott Patterson, deputy superintendent of business services.

Patterson told reporter Rory Devine of NBCSanDiego that the incident was a “big hassle” but didn’t reveal faculty Social Security numbers or “sensitive information about students.”

He said the information published was “not very high-value.”

“I can tell you that our whole information technology department was in over the entire weekend, working all hours to remedy the situation,” Patterson told Devine in a report aired June 28.

Martin, the district spokeswoman, said a Twitter post notified officials of the hacking—which pointed to stolen district data. The district maintains its own Web infrastructure, she said. 

KFMB’s Kolk displayed parts of that stolen information in a June 25 report and asserted that it contained “enough information to change grades.”

But Patterson said: “No grades could be changed.”

Patterson also said it was doubtful that the infamous LulzSec group (a Twitter account) was involved in the hacking—as suggested in Kolk’s report. LulzSec has been linked to high-profile attacks on Sony and CIA computers.

Martin confirmed that affected employees included teaching staff districtwide, “current as well as separated or retired individuals.  Letters went out notifying people of the breach.”

She said via email: “Once we came to know of this intrusion, we took the entire district’s network offline immediately. This allowed staff to inspect all databases, research all logs, identify the website that was compromised, data that was pulled, etc., and to reset staff credentials before systematically re-enabling components of functionality.”

She said the cost of the fix was minimal, and weekend overtime was paid to make the repairs.

“The FBI is investigating this matter,” she said. “Naturally, the superintendent made the school board aware of this breach in a timely fashion.”

In comments posted on the KFMB website, two people saying they are district employees criticized the district’s IT department.

“I have been trying to get the district for years to hire a competent security system admin instead [of] the hacks they currently use,” said a commenter going by the name SaamiMom. “I was patted on the head and told not to worry about it. I am one of those teachers on that list. I would like to say, ‘I told you so.’ ”

In response, a commenter who used the name Jack McCullough wrote: “I agree. The current people in charge of IT need to be fired immediately. I told the superintendent this when I reported the hack, maybe if teachers and parents put the heat on they'll actually do it.”

He concluded: “BTW, this was a simple vulnerability that a competent staff should have identified and fixed long ago.”