Cyber Incident Victim: Rockwood School District
Date: Apr 2021
Location: United States of America
Summary
Rockwood School District experienced a ransomware attack resulting in unauthorized access to its network systems over a multi-month period, compromising sensitive personal information including names, addresses, Social Security numbers, dates of birth, financial account details, employee and student identification numbers, and academic records. The district engaged law enforcement and forensic specialists to investigate, securing systems and implementing enhanced security measures following the incident. While no actual misuse of data was confirmed, notifications were issued to approximately 77,294 affected individuals with offers of credit monitoring services as a precautionary measure.
Description
On June 17, 2021, Rockwood School District in Eureka, Missouri, discovered malware infections on certain computer systems within its network that prevented access to files. The district immediately notified law enforcement and initiated an investigation with third-party forensic specialists. The investigation revealed that unauthorized access to district systems occurred between April 20, 2021, and June 24, 2021, confirming a criminal ransomware attack. While investigators established that systems were compromised, they could not determine precisely which information within those systems was accessed by the threat actors. As a precautionary measure, the district conducted an extensive review of all files on the impacted systems to identify potentially exposed personal information. The forensic analysis did not find evidence of actual or attempted misuse of any data extracted during the breach window. The incident remained under active investigation for approximately two months before the district finalized its assessment of potentially affected individuals.

The compromised systems contained varied personal information including names, addresses, Social Security numbers, dates of birth, financial account details, district employee identification numbers, MOSIS identification numbers, and student records. The district's comprehensive file review determined notification was warranted for 77,294 individuals encompassing current and former employees and students. In response, Rockwood implemented additional security measures across its systems and initiated enhancements to existing policies and procedures to strengthen defenses against future incidents. The district secured its network environment and offered complimentary credit monitoring services to affected individuals through its notification process. Public disclosure occurred on August 19, 2021, with the district establishing a dedicated phone line and website portal to address inquiries from impacted parties while continuing coordination with law enforcement authorities.
