Cyber Incident Victim: Weslaco Independent School District
Date: Dec 2020
Location: United States of America
Summary
Weslaco Independent School District experienced a ransomware attack by Conti threat actors who exfiltrated and publicly dumped sensitive data, including student demographic details, Social Security Numbers, Medicaid numbers, immunization records, special education evaluations, and parent contact information from over 5,000 records. The compromised information encompassed highly sensitive categories such as disability classifications, behavioral intervention plans, language needs, socioeconomic status indicators, and specialized service requirements, posing significant risks to affected individuals due to the depth of personal and educational data exposed.
Description
In December 2020, Weslaco Independent School District (ISD) in Texas disclosed a cyberattack after Conti ransomware threat actors dumped stolen district data. The district acknowledged the incident on December 14 with a public statement indicating they were working to contain the threat but did not yet know the full extent of the compromise. Attackers subsequently released a sample of exfiltrated files, revealing both routine business documents and highly sensitive student records. Among the leaked materials were immunization records, a special education progress report identifying a student, and a file containing an adult's Social Security Number. The most significant exposure involved a spreadsheet with over 5,000 records containing extensive demographic, educational, and personally identifiable information about current and former students. Data fields included full names, dates of birth, Social Security Numbers, Medicaid numbers, disability classifications, special education service requirements, behavioral intervention plans, parent contact details, language needs, socioeconomic status indicators, and specialized evaluation requirements.

The compromised student records spanned multiple sensitive categories including immigration status, dyslexia diagnoses, medical fragility status, and eligibility for free/reduced lunch programs. Based on birth dates in the dataset, many affected individuals were no longer active students at the time of the breach. The attackers exfiltrated the data from district servers, though the full scope of compromised systems and additional data categories remained unconfirmed at the time of reporting. Potential risks included exposure of psychoeducational evaluations, counseling records, employee tax documents, and personnel files, though no evidence confirmed these specific datasets were taken. District officials, including the superintendent and school board members, did not respond to media inquiries about the breach prior to publication. The incident represented a significant compromise of student privacy given the breadth of sensitive educational, medical, and demographic data exposed in the confirmed sample.
