Cyber Incident Victim: Santa Fe ISD

Santa Fe Independent School District experienced a network disruption beginning over the weekend of late March 2025, which officials termed a "cyber event." The incident caused widespread outages affecting internet connectivity and campus phone systems, prompting the district to issue social media notifications about the service interruptions. By early April, partial restoration efforts had returned working phones to campuses and reinstated the visitor check-in system used for school security protocols. Despite these recoveries, core network functionality remained impaired, forcing administrators to reschedule standardized STAAR testing originally planned for that week; junior high and high school students were moved to Thursday and Friday, while elementary students faced postponements until the following week. Classroom instruction continued uninterrupted, though the lack of reliable internet and communication tools created operational challenges across district facilities.

The district’s technology team worked to resolve the disruption alongside an external cybersecurity firm, while law enforcement agencies were notified of the incident. Parental concerns emerged regarding potential exposure of sensitive student data, including social security numbers, addresses, and facial images stored in district systems. District communications assured families that private information remained secure, specifically addressing anxieties about financial accounts linked to lunch programs. However, some parents criticized the lack of detailed updates, citing vague explanations that failed to clarify the event’s scope or confirm whether data exfiltration occurred. No threat actor or motive was identified in available communications, and restoration timelines for full network services remained unspecified as of April 1. The incident highlighted logistical impacts on academic scheduling and persistent community apprehensions about data security transparency.