Cyber Incident Victim: Bernards School District
Date:
Apr 2021
Location:
United States of America
Summary
A cyber-attack targeting school districts in Somerset County, New Jersey, prompted closures and operational disruptions, including a shutdown affecting Bernards School District. Systems outages persisted for multiple days in at least one district, impacting computer networks and staff voicemail, though virtual learning remained accessible. Authorities collaborated with cybersecurity experts and law enforcement during restoration efforts, with FBI advisories influencing closure decisions to mitigate organizational damage—actions consistent with ransomware incidents. Limited operational timelines were provided due to ongoing investigations, and officials restricted public disclosures about attack specifics or recovery progress.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In early April 2021, multiple school districts in Somerset County, New Jersey, experienced disruptive cybersecurity incidents. Bernards Township School District closed all schools on April 7 following a suspected cyberattack, marking the first confirmed disruption in the county. One week later on April 12, Hillsborough Township Public Schools also closed facilities after detecting similar security issues. The Hillsborough incident caused sustained technical outages, with computer systems and staff voicemail services remaining non-operational through at least April 13. Both districts transitioned to virtual instruction during closures, maintaining educational continuity despite infrastructure compromises. Hillsborough Superintendent Lisa Antunes communicated via email on April 13 that the district's technology team was collaborating with cybersecurity experts and law enforcement agencies to restore systems. The FBI advised the April 12 closure decision to limit organizational damage, suggesting potential ransomware involvement though no explicit confirmation was provided.
Recovery efforts progressed methodically but without established timelines, as articulated in district communications. Superintendent Antunes emphasized operational constraints on information sharing, citing investigative complexities and coordination with law enforcement partners. Restoration work focused on rebuilding compromised systems rather than temporary workarounds, indicating significant infrastructure damage. While Hillsborough's technical disruptions persisted beyond the initial closure date, Bernards School District's recovery status remained unspecified in available reports. No threat actors claimed responsibility publicly, and investigators withheld attribution details. The incidents disrupted standard administrative operations and required sustained remediation resources, though academic programming continued through alternative delivery methods. Both districts maintained cooperation with federal authorities throughout the response period, adhering to investigative protocols that limited public disclosure of technical specifics.