Cyber Incident Victim: Fort Sumner Municipal Schools
Date: May 2022
Location: United States of America
Summary
Fort Sumner Municipal Schools experienced a significant cyberattack involving the Cl0p ransomware group, which exfiltrated and leaked sensitive data including student, faculty, and parent information such as driver’s license scans. The district engaged cybersecurity experts to negotiate and protect the compromised data, but the threat actors acted in bad faith by publicly releasing the stolen materials, prompting FBI involvement. Cl0p, a group historically linked to Eastern Europe, continued its operations despite prior law enforcement actions. The incident disrupted school operations and necessitated external forensic assistance, reflecting broader trends of ransomware targeting educational institutions.
Description
On May 19, 2022, Fort Sumner Municipal Schools in New Mexico confirmed it suffered a cybersecurity incident involving the Cl0p ransomware group. The attack compromised district servers, leading to the theft of sensitive personal information belonging to students, faculty members, and parents. The stolen data included scans of driver’s licenses and other confidential documents. Cl0p publicly displayed this information on its dedicated leak site, demonstrating the group’s intent to extort the district by threatening further exposure. Superintendent Matt Moyer stated the district engaged cyber-counterintelligence specialists to negotiate with the threat actors and protect the compromised data. Despite these efforts, negotiations failed when Cl0p acted in bad faith by releasing the stolen information. The district involved the FBI to investigate the breach, though specific technical details about the intrusion vector or duration of network compromise were not disclosed.

The incident disrupted school operations and exposed the community to potential identity theft risks due to the leak of government-issued identification documents. Cl0p’s involvement aligned with its established pattern of targeting educational institutions; the group has historical ties to Eastern Europe and continued operations despite a 2021 international law enforcement disruption. Fort Sumner’s response focused on containment through expert negotiations and law enforcement collaboration rather than public disclosure of remediation steps. No information was provided regarding ransom demands, payment status, or full restoration timelines. The attack exemplified the persistent threat ransomware groups pose to K-12 institutions, with at least 10 U.S. school districts affected by similar incidents in 2022 according to Emsisoft’s tracking.
