Cyber Incident Victim: Cobb County School District
Date:
Feb 2023
Location:
United States of America
Summary
A cyber attack targeting the Cobb County School District's emergency alert system triggered a false alarm that placed all 112 schools into a code red lockdown, causing significant anxiety among students and staff. The incident, identified as an intentional external attack uniquely affecting the AlertPoint system, prompted an investigation involving law enforcement's technology crimes unit. Separately, an unrelated technological malfunction involving UV sanitizing lights occurred weeks later at one elementary school, leading to their temporary suspension, though no connection to the cyber incident was established. The district faced community inquiries regarding both systems but had not provided detailed public explanations at the time of reporting.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 2, 2023, the Cobb County School District experienced a cybersecurity incident involving its AlertPoint emergency notification system. A false alarm indicating an active threat triggered a districtwide code red lockdown across all 112 schools and campuses, affecting approximately 107,000 students. District officials initially described the event as a system malfunction but later confirmed it resulted from a "targeted, external attack" specifically targeting the AlertPoint infrastructure. Staff followed standard protocols by implementing lockdown procedures, which caused significant anxiety among students and faculty despite no actual threat being present. The district launched an internal investigation and subsequently involved the Cobb County Police Department's Technology Based Crimes Unit to treat the incident as a potential cyber attack. Technical analysis determined the compromise was uniquely limited to the AlertPoint system, with no evidence of broader network infiltration. The district maintained normal operations for both in-person and remote learning throughout the incident.
The false alarm prompted numerous parents to contact Superintendent Chris Ragsdale and Board of Education members seeking details about the AlertPoint system's vulnerabilities, though the district provided no public explanations during subsequent board meetings. While evaluating the cyber attack's origins, district officials indicated potential reconsideration of their contract with AlertPoint but made no definitive announcements. Approximately three weeks after the lockdown incident, an unrelated technological malfunction occurred at Argyle Elementary School involving ultraviolet sanitizing lights installed as part of a pilot program. A power source issue caused flickering in ceiling-mounted UV lights designed for overnight activation, with up to two units briefly activating in unoccupied areas during school hours. The district suspended use of all UV lights pending investigation but did not address community concerns about potential health risks from accidental exposure. Law enforcement maintained active investigations into both incidents, with tip lines established for public information sharing.