Cyber Incident Victim: Flagstaff Unified School District
Date: Sep 2019
Location: United States of America
Summary
A ransomware attack disrupted operations at Flagstaff Unified School District, forcing the cancellation of all classes, after-school activities, childcare centers, and preschool programs. The district severed internet connectivity across its facilities to contain the infection, rendering normal operations impossible. Officials publicly confirmed the ransomware incident through social media channels but did not disclose technical details about the malware variant, initial compromise vector, or scope of affected systems. The attack occurred as multiple U.S. school districts faced similar disruptions during back-to-school periods, with one New York district delaying its academic start date due to comparable cybersecurity issues.
Description
On September 4, 2019, Flagstaff Unified School District (FUSD) in Arizona experienced a ransomware attack that disrupted district operations. The district first identified a cybersecurity issue on the morning of September 4, prompting immediate containment measures. By 3:00 PM that day, administrators severed internet connectivity across all district facilities to prevent further spread of the infection. With communication channels cut, critical systems became inoperable and normal school operations were impossible. The following day, September 5, the district canceled all classes district-wide as a direct consequence of the attack. All after-school programs, preschools, childcare centers, and FACTS (Family and Community Teaming for Students) services were also suspended. District Communications Director Zachery Fountain confirmed to media outlets that ransomware caused the disruption, though he declined to specify the malware variant, entry vector, or number of compromised devices.

The district publicly announced the closures through its official Facebook and Twitter accounts, citing the cybersecurity incident's operational impacts. No updates regarding the status of classes beyond September 5 were available at the time of initial reporting, leaving the timeline for recovery uncertain. The incident occurred during a broader surge of ransomware attacks targeting educational institutions, including simultaneous disruptions at Monroe-Woodbury Central School District in New York, which delayed its academic calendar by one day. Reporting from the period noted similar attacks affecting Camp Verde, New Kent County, and Houston County school districts during the summer months of 2019. FUSD's response prioritized containment through network isolation, with no public disclosure of ransom demands, data compromise, or remediation progress as of the initial reporting window.
