Register now for better personalized quote!

Finalsite says no data stolen during ransomware attack affecting 3,000 US public schools

Jan, 10, 2022 Hi-network.com

Education software provider Finalsite said on Monday that no data was stolen during a ransomware attack that started on January 4. 

Finalsite provides website services to thousands of public schools across the US and the attack took place at a particularly inopportune time. As schools braced for snow days and potential COVID-19 disruptions on Friday, officials found their websites and email systems out of commission, making it more difficult to communicate changes with parents. 

"Examples of usage to avoid include sending email/notifications, workflows, relying on calendar and athletic alerts, uploading data, etc.," the company said on January 7. On Sunday, the company said that all client websites are back online.

Finalsite CEO Jon Moser told reporters on Monday that the company has hired data privacy attorneys at Mullen Coughlin LLC and cyber forensic investigators at Charles River Associates to help with the recovery process. 

Moser explained that they now know which ransomware group conducted the attack and have "achieved containment of threat actor activity." They know how the ransomware group got in and said they "have found no evidence that client data has been viewed, compromised or extracted."

The company said it primarily holds "publicly-facing information found on school and district websites" but some customers use the company's directories or messages/eNotify modules that may contain demographic data ranging from names to email addresses and phone numbers. 

"Some clients use Finalsite payment integrations with third-party organizations. These payments are processed through a secure third party. Finalsite does not transmit or store any credit card data," the company said. "Finalsite does not store academic records, social security numbers, or any other confidential information. Again, Finalsite has no evidence that any data was compromised as a result of this incident."

The company told ZDNet it is unable to share which ransomware group was responsible for the attack. 

A spokesperson for the company also took issue with reports on social media that schools were unhappy with how Finalsite dealt with the outages. 

One Reddit user said a number of school districts complained that they were unable to use their emergency notification system to warn their communities about closures due to weather or COVID-19 protocol.  

"The impact of this outage is far greater than the attention it has received," the user wrote.

Some schools took to Twitter to inform students and parents about website outages, noting to the public that their websites were down because of the ransomware attack on Finalsite. 

Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next
  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

tag-icon Hot Tags : Tech Security

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.