Cyber Incident Victim: White Settlement Independent School District
Date:
Feb 2023
Location:
United States of America
Summary
LockBit claimed responsibility for a cyberattack on White Settlement Independent School District, alleging data exfiltration and publishing proof files including some staff documents, with evidence of a passport image from recent years. The district confirmed unauthorized access to certain staff files in shared folders but asserted that critical systems like Skyward/Gradebook and Canvas remained uncompromised. Officials noted implementing prior cybersecurity measures and collaborating with federal agencies to address vulnerabilities. Impacted individuals were directed to identity theft resources, while the district committed to direct notification if personal data exposure was confirmed. The breach scope appeared limited based on initial investigations, though LockBit's additional leaks could challenge this assessment.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around February 28, 2023, LockBit ransomware group listed White Settlement Independent School District (WSISD) in Texas on its data leak site, indicating a potential cyberattack. LockBit provided a proof pack demonstrating unauthorized access to district files, with evidence suggesting the threat actors likely exfiltrated data. The proof pack contained documents dating primarily to 2015 or earlier, though one file included a passport image issued in 2020. Initial public disclosure originated from the ransomware group’s post, as WSISD had not published any incident notice on its website at the time of the listing’s discovery. The attackers’ exact methods remained unspecified in available reports, with no confirmation whether systems were encrypted or if the operation focused solely on data exfiltration for extortion purposes. Homeland Security subsequently notified the district about the potential compromise, prompting immediate cybersecurity intrusion prevention measures.
WSISD conducted internal investigations and security scans following the notification, determining that critical systems like Skyward/Gradebook and Canvas educational platforms remained uncompromised. District officials identified compromised documents as limited to an unspecified number of staff files stored in a shared folder, with no indication of student data exposure in their initial assessment. The district communicated directly with staff and families via a statement asserting prior implementation of cybersecurity measures to protect sensitive information. WSISD committed to contacting individuals if evidence later confirmed their data was affected, while recommending concerned parties consult identitytheft.gov for guidance. The district collaborated with multiple unspecified agencies to address vulnerabilities, though the scope of data exfiltration remained unverified pending potential future leaks from LockBit. No evidence emerged publicly contradicting WSISD’s characterization of the incident as a limited breach confined to staff documents at the time of reporting.