Nebraska school district switches to manual systems after suffering cybersecurity attack

A Nebraska school district switched to taking attendance manually after its technology network experienced a cybersecurity attack.

“The announcement regarding our cyber attack has understandably raised concerns among some of our families regarding district emergency preparedness,” Superintendent Dr. Jason Mundorf posted in an Oct. 12 Facebook update. “I want to reassure you that, despite the cyber attack on our network, none of our safety protocols have been compromised.”

The attack occurred Oct. 10 and shuttered “school phones, computers, and other network-dependent systems” as the school day started Oct. 13, Gray’s KSNB Local4 reported.

However, the district emphasized the attack did not involve ransomware, adding staff and student safety remained uncompromised. 

“Our secure doors remain locked and operational,” Mundorf wrote. “We would never jeopardize the safety of our students and staff for a single day of instruction.” 

As a result, teachers resorted to taking attendance manually so records could be entered into the system once normal operations resumed.

“If your child is absent from school tomorrow, please be sure to send a written note with them when they return, verifying the reason for their absence,” Mundorf advised parents. “This is important for our manual attendance records during this outage. 

“Additionally, because of the outage: If you need to pick your child up early (e.g., for an appointment), please be aware that it may take us longer than usual to locate them within the school as students move from classroom to classroom during the day.”

The district, which serves approximately 6,000 students, announced all technology systems were “fully functional” in a Facebook post last week. 

Cybersecurity and schools nationwide 

As previously reported by The Lion, cybercriminals are increasingly targeting public schools for children’s identity information – which can help them rack up debt and loans while devastating their victims’ credit scores. 

“As it turns out, the identity information of children is actually more valuable to [cybercriminals] than that of adults,” said Doug Levin, director of K12 Security Information eXchange. 

Additionally, hackers often resort to extortion tactics by threatening to leak stolen data unless districts pay them to keep the information private. 

In one example, the cloud-based education software provider PowerSchool was compromised earlier this year after a cybersecurity attack exposed the names and addresses of millions of K-12 students and teachers. 

Effects from the hacking spread throughout U.S. states, including North Carolina. 

“I want to stress this one point: no actions by our schools or no actions by (the Department of Public Instruction) could have prevented this incident from happening,” said Vanessa Wrenn, the department’s chief information officer in a briefing to the State Board of Education. 

“As a matter of fact, this is a global incident.”