Cyber Incident Victim: Campbell County Schools

In December 2023, Campbell County School District disclosed a ransomware incident that compromised its computer network, impacting system availability and functionality. Upon discovering the attack, the district immediately secured the network, initiated an internal investigation, and notified local law enforcement. Investigators determined an unauthorized actor had acquired files containing sensitive employee information, including names, Social Security numbers, and financial account numbers. The district confirmed the data breach affected an unspecified number of staff members but did not identify the ransomware variant or specify whether student data was involved. No evidence suggested public disclosure or misuse of the stolen data at the time of notification. The operational disruption indicated potential encryption or system lockdown by attackers, though the district did not confirm whether ransom demands were made or paid.

Campbell County Schools began mailing notification letters to affected employees on December 14, 2023, twelve days after initial public disclosure. These letters included instructions for enrolling in complimentary identity monitoring services through a dedicated call center (888-983-0152). The district implemented additional network security measures following the incident and provided contact information for credit reporting agencies (Equifax, Experian, TransUnion), the Federal Trade Commission, and the Kentucky Attorney General’s Office for identity theft guidance. Law enforcement involvement remained ongoing, though no investigative findings were publicly released. The district maintained communication channels via postal address (101 Orchard Lane, Alexandria, KY) and phone for incident-related inquiries while restoring normal network operations.