Cyber Incident Victim: Fort Worth Independent School District

The ransomware attack on Fort Worth Independent School District (ISD) began on the morning of March 3, 2020, when district systems abruptly became inaccessible. At approximately 6:30 a.m., district spokesperson Clint Bond and other staff members experienced sudden computer failures, indicating widespread disruption. The attack compromised operational capabilities across the district’s network, including critical infrastructure such as its public-facing website. District officials immediately engaged internal teams and external contractors to assess the scope of the incident and initiate containment procedures. Initial investigations focused on determining whether sensitive data—including personal or financial information of students, staff, or families—had been exfiltrated or accessed.

Fort Worth ISD publicly confirmed its systems had been encrypted by ransomware but stated no evidence suggested unauthorized access to sensitive personal or financial records. The district categorically refused to pay the ransom demanded by attackers, aligning with common cybersecurity guidance against funding criminal operations. This incident occurred amid a broader wave of ransomware attacks targeting Texas educational institutions and municipalities in early 2020, though no explicit connection between these incidents was confirmed. Recovery efforts prioritized restoring critical systems like the website while maintaining operational continuity where possible. District communications emphasized transparency about the disruption while reiterating confidence in the integrity of protected data based on forensic reviews conducted by internal and third-party experts.