DD2 says $2,900 ransom paid to recover data after server breach, but no identities stolen


Dorchester School District 2 officials say no student or staff member's identity information was stolen or compromised in a ransomware attack on the district's computer network servers over the summer, but that some files were corrupted and lost, and the district was forced to pay a ransom to regain access to other data.

In a letter sent to parents and staff Wednesday, DD2 officials revealed its operating system and database were left disabled on 25 of the 65 servers for the district's computer network after they were infected with a ransomware virus during the summer. The letter did not clarify when exactly the incident happened.

According to the school district, the data on those servers was encrypted, making it inaccessible. The situation did not disable basic school computer functions, according to DD2 public information officer Pat Raynor.

"Since this discovery was made, the school district has worked tirelessly and exhausted every available resource to determine how this situation occurred, to retrieve the data, and to build additional security measures into the system to help safeguard against such incidents in the future," district officials wrote in the letter to parents.

The district said in its letter that an investigation by the S.C. Department of Education, SLED, and other law enforcement agencies determined the attack was only a ransom request, and no student or staff information was actually accessed or compromised by an outside party.

To regain access to the information, the district says it ultimately paid $2,900 to have the data decrypted. The district says the ransom was paid through insurance coverage, not out of its general fund.

Despite paying to regain access, the district says data on one of the 25 servers was corrupted and lost. District staff is manually restoring that data to a server from physical copies of the records.

However, the district says no hard copies of certain information existed for 32 students whose files were lost in that data. The district says it has reached out to the parents of those students, and is working to regather their information.

District officials say a technology company has completed a full security assessment of the district’s network, detailing weaknesses in the district's system, and will be making recommendations to the school board in September for safety improvements to protect against such attacks in the future.

close video ad
Unmutetoggle ad audio on off