Cyber Incident Victim: Coweta County School System
Date:
May 2025
Location:
United States of America
Summary
Coweta County School System experienced a cyberattack on its network that prompted immediate response from its IT department and security partners. The intrusion was reported to the Georgia Emergency Management Authority and Homeland Security, and affected systems were taken offline to halt activity while investigation continues. Despite the incident, school operations including Advanced Placement testing and state Milestones Testing proceeded, and core services such as student Chromebook access, Wi‑Fi and phone lines remained functional. Officials stated that no evidence of personal information compromise has been found, though a thorough investigation is underway and internal network access remains restricted during the review.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Friday evening, the Coweta County School System detected an apparent cyberattack on its computer network. The school system was alerted to unauthorized network activity at approximately 7:00 p.m. on Friday. Upon discovery, the IT department and security partners followed established protocols and took systems offline to stop the activity and identify the source. The intrusion has been reported to the Georgia Emergency Management Authority and Homeland Security for further investigation.
While the investigation proceeds, some school system network processes are expected to be hampered in the coming days. Employees have been advised not to access desktop devices while the matter is being investigated. Despite the intrusion, basic school operations such as student Chromebook access and use, wifi access, and phone services have not been impeded. School operations will continue as normal during the coming week, including Advanced Placement testing scheduled to begin Monday, May 5, and state Milestones Testing scheduled for Tuesday.
The school system stated that, at this point, there is no indication that personal information, including student and employee data, was compromised during the network incident. A thorough investigation is ongoing, and the school system will continue to work with cybersecurity partners and federal, state, and local authorities. Access to the internal network will be restricted during the investigation period to allow for ongoing monitoring and analysis. The school system will provide updates to parents and employees as more information becomes available.