Cyber Incident Victim: Rialto Unified School District
Date:
Aug 2020
Location:
United States of America
Summary
A cyberattack involving malware disrupted virtual learning for a Los Angeles school district, forcing indefinite suspension of online classes hosted by its Bridge Academy. The incident impacted over 25,000 students across multiple schools, occurring shortly after FBI warnings about heightened risks to remote education systems. District staff worked extensively to restore access while instructing students not to use district-issued devices, which were collected for security verification. The attack also caused access issues with Zoom for educators and learners in neighboring districts. An investigation was launched to determine the intrusion's scope and nature.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 5 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A cyber-attack disrupted virtual learning across the Rialto Unified School District (RUSD) on August 24, 2020, forcing the indefinite suspension of online classes hosted by its Bridge Academy platform. This incident occurred two weeks after FBI supervisory special agent Corey Harris publicly warned on August 11 about heightened cyber risks facing school districts transitioning to remote education, specifically noting vulnerabilities in district networks and student devices. District officials confirmed the attack involved malware designed to disrupt, damage, or gain unauthorized access to computer systems. The immediate operational impact halted instruction for all 25,000+ students across RUSD's three high schools, five middle schools, 19 elementary schools, and one alternative/adult education school, affecting families in Rialto and neighboring communities. Concurrently, the Lake Elsinore Unified School District experienced related disruptions that locked some teachers and students out of Zoom, though the technical relationship between these incidents remained unspecified.
RUSD's information technology department initiated around-the-clock response efforts to restore educational access, with spokesperson Syeda Jafri confirming staff were working "day and night" on remediation. The district mandated that students refrain from using any district-issued devices linked to its compromised servers until further notice. As a containment measure, RUSD announced plans to physically collect all school-provided computer equipment for security inspections to ensure malware eradication before redeployment. No details regarding malware delivery vectors, data compromise, or threat actor attribution were disclosed during the initial response phase. The investigation focused on determining the attack's full nature and scope while maintaining system-wide suspension of virtual instruction pending resolution.