Cyber Incident Victim: Tangipahoa Parish Schools
Date:
Jul 2019
Location:
United States of America
Summary
A cyber attack disrupted operations at Tangipahoa Parish schools and several other Louisiana districts, causing shutdowns of phone lines, email systems, and office functions. The incident involved malware or ransomware infections, with three northern districts experiencing severe intentional breaches. School officials detected suspicious network activity prior to the disruptions, prompting precautionary measures including system isolations. Multiple agencies including the FBI and Department of Homeland Security investigated the coordinated attacks, noting similar patterns affecting education systems in neighboring southern states. Some districts mitigated impacts through preemptive actions like electronic record backups.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In late July 2019, multiple Louisiana school districts experienced disruptive cyberattacks coinciding with preparations for the upcoming academic year. Tangipahoa Parish schools emerged as a primary target, with officials detecting suspicious network activity over the weekend preceding July 29. Superintendent Melissa Stilley confirmed the district had maintained heightened cybersecurity alertness throughout the preceding week before identifying the anomalous behavior. As a containment measure on Monday, July 29, Tangipahoa administrators proactively disabled phone lines, email systems, and network access across district offices, individual schools, and registration centers. This incident followed confirmed cyberattacks against three northern Louisiana districts—Sabine, Morehouse, and Monroe—which suffered what authorities characterized as severe and intentional network compromises. While the exact attack vector remained unspecified in public reports, the incidents involved confirmed malware or ransomware infections that disrupted operational systems. The timing exacerbated logistical challenges as districts managed student registration and academic planning processes.
Response efforts involved coordinated actions across affected jurisdictions. Tangipahoa's precautionary shutdowns aimed to isolate infected systems and prevent lateral movement within networks, though this caused significant operational disruptions to communications infrastructure. Multiple districts including West Baton Rouge Parish mitigated potential damage through preemptive measures such as maintaining offline backups of critical electronic records. State and federal law enforcement agencies, including the FBI and Department of Homeland Security, initiated investigations to determine potential connections between the Louisiana incidents and contemporaneous cyberattacks targeting educational institutions in Alabama and Georgia. No threat actor claimed responsibility publicly during the immediate aftermath, and investigators focused on identifying technical commonalities across the multi-state attacks while restoring essential services ahead of the school year commencement.