AASD hit by cyber attack
District employees may have had their personal information released on dark web
The Altoona Area School District sent a letter to faculty and staff Wednesday, acknowledging a cybersecurity attack of the district’s internal systems.
“Altoona Area School District recently discovered it was the victim of a sophisticated cybersecurity incident, which impacted certain internal systems. Upon discovery of the incident, our IT took several steps to contain the incident and third-party forensic advisors and external legal counsel were engaged to assist,” stated the letter from Superintendent Charles Prijatelj.
“With the support of these advisors, we launched an investigation into the incident in order to determine the root cause and scope of the attack. Out of an abundance of caution, we temporarily took certain internal systems offline to ensure the safety and security of our overall network.”
The Mirror received several anonymous phone calls this week about the cyber attack, with one caller stating some teachers received notification from credit card apps on Saturday that their personal information was on the dark web.
“All personal information got leaked on the dark web,” a caller stated, including Social Security numbers, full names, addresses, telephone numbers and insurance ID numbers.
In the letter to faculty and staff, AASD said it is confident in the “steps we’ve taken to ensure that our environment is secure and can confirm that all of our systems are operating as usual.”
The district said it is “working around the clock in tandem with our advisors to support our staff and faculty members. Notably, in the coming weeks, please be aware that more information will be shared with you through a formal notification letter — while we have no evidence of any data being misused, this letter will contain information on credit monitoring to be provided at no cost to you.”
The letter states that cyber incidents are becoming a more common risk for school districts across the country.
“While we were the victims of this attack, I have full confidence in our district’s ability to bounce back from this,” Prijatelj’s letter states.
“We understand the frustration that this has caused and appreciate your patience as we conduct our investigation, and we remain committed to providing you with more information as it becomes available to us,” he said in the letter, concluding with: “We are committed to making this right.”
In a separate letter to parents and guardians, the school district said the extent of the cyber security incident has not yet been determined.
“We do know that some of our employees have received notification of potential data compromise and we wanted to make you aware of the situation as well,” Prijatelj stated.
“Upon completion of the investigation, those individuals with compromised data will receive official notification. At this time, however, that information is not yet known,” Prijatelj said.
Prijatelj thanked parents and guardians for their patience and said more information will be provided when it is available.