
Cyber Incident Victim: Sheldon Independent School District

Date: Mar 2020

Location: United States of America

Summary

Sheldon Independent School District experienced a cyberattack involving unauthorized network access and document exfiltration affecting current and former students and staff, with compromised information including names, academic details, demographics, and performance metrics—though Social Security Numbers were not exposed. The incident involved ransomware encryption of critical infrastructure, prompting the district to pay a ransom through a third-party negotiator after determining restoration would require months; payment included a fixed service fee and cryptocurrency transaction costs, justified by assurances of successful decryption key delivery. This occurred during a period of increased targeting of Texas educational institutions.


Description

Sheldon Independent School District in Houston, Texas, experienced a cybersecurity incident involving unauthorized network access discovered in March 2020. The district initiated an internal investigation upon detection and engaged a computer forensics firm to assess system security. By June 15, 2020, forensic analysis confirmed that attackers had viewed and downloaded documents containing personal information of current and former students and staff. Notification letters were dispatched to affected individuals on July 22, 2020, with a public notice following on July 24. Compromised student data included names, academic years, school names, teacher names, sex, race, test scores, and English language proficiency, but excluded Social Security Numbers or similarly sensitive identifiers. Staff information specifics weren't detailed in the notification. The breach impacted both operational data and historical records, necessitating individualized reviews to determine exposure scope across different populations.

The incident stemmed from a ransomware attack that encrypted a critical business server, prompting an emergency school board meeting on March 19, 2020. Faced with projected months-long restoration timelines without decryption, the board authorized a ransom payment facilitated by cybersecurity firm Coveware for a $5,500 service fee plus cryptocurrency transaction costs. Coveware advised the district that the threat actors historically provided functional decryption keys in comparable cases, though the specific ransom amount paid wasn't disclosed. While the decryption process restored the encrypted server, subsequent forensic work revealed the attackers' prior network access and data exfiltration. The district emphasized no evidence suggested misuse of accessed information post-notification. This breach occurred amid increased cyber targeting of Texas school districts following pandemic-related operational shifts.
