Cyber Incident Victim: Bonneville Joint School District No. 93
Date:
May 2025
Location:
United States of America
Summary
Bonneville Joint School District No. 93 experienced a cybersecurity attack that led officials to shut down the network as a precautionary measure. The shutdown disrupted summer school programs, affecting special education instruction, Lincoln High School students who received passing grades for work completed, and those enrolled in online credit recovery and dual‑credit classes. District staff worked with a cybersecurity provider to investigate the incident, and the network remained offline until security was confirmed, with no data reported as lost or compromised.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Thursday, Arctic Wolf, the cybersecurity firm contracted to monitor Bonneville Joint School District 93’s networks, detected an incursion and immediately alerted district officials. Superintendent Scoot G. Woolstenhulme confirmed that the network was shut down that same day as a precautionary measure to protect sensitive information. The shutdown included phone and internet access across all schools and district buildings, as noted in the district’s Facebook announcement. Woolstenhulme stated that the swift action by Arctic Wolf prevented the attackers from exfiltrating any data, so no information was taken or lost. The district’s security team and internal IT staff worked together to contain the incident and stop the attack. Arctic Wolf is also preparing a report to file with the FBI regarding the breach. Parents and staff were notified of the attack on the following Monday morning.
The network shutdown disrupted three summer school programs operating within the district. The special education summer school, which relies on in-person instruction, continued but teachers faced limitations because they needed internet access for certain tasks. Lincoln High School’s summer block, which was in its final week, resulted in the district awarding passing grades to students who had completed more than sixty‑five percent of their coursework. Students enrolled in online summer classes, ranging from credit recovery to dual‑credit offerings, were unable to access their coursework while the network remained offline. Woolstenhulme described the impact on the online program as severe, noting that it is fully dependent on the network for students to access classwork and for teachers to deliver instruction, and estimated a two‑week hiatus until services could be restored. Aside from a prior Power School network incursion earlier in the year, the superintendent said there had been no comparable attack in recent district history.
While the network remains offline, the district continues to work with Arctic Wolf and its own security and IT teams to investigate the incident and verify that systems are secure before restoring connectivity. Communication channels have been opened for parents and staff to ask questions, with the district directing inquiries to the D93.org/askD93 webpage. The district has also begun informing families and students about the status of the summer programs and any adjustments made due to the outage. No further details about the attackers or their methods have been released in the available sources.