Cyber Incident Victim: Alabama State Department of Education
Date: Jan 2024
Location: United States of America
Summary
The Alabama State Department of Education experienced a cyber attack resulting in unauthorized access to student and teacher data, potentially including personally identifiable information such as names, addresses, and Social Security numbers, though financial data remained unaffected as it was not stored in the system. Security personnel halted the intrusion before servers could be fully encrypted for ransom, preventing service disruption and enabling restoration from clean backups; an ongoing criminal investigation involves state and federal authorities, with impacted parties to be notified once the scope of compromised data is determined.
Description
On January 1, 2024, Alabama State Superintendent of Education Eric Mackey publicly disclosed a cyber attack targeting the Alabama State Department of Education (ALSDE). The attack occurred prior to this announcement, though no specific intrusion date was provided. State internet security personnel successfully halted the breach but confirmed unauthorized access to some student and teacher data before containment. Superintendent Mackey refrained from detailing the exact nature or volume of compromised data during his press conference, citing an ongoing criminal investigation involving state and federal law enforcement, the Alabama Attorney General’s Office, the Alabama Office of Information Technology, and an independent cybersecurity contractor specializing in anti-hacking response. Preliminary assessments indicated potentially exposed personally identifiable information (PII), including names, addresses, and Social Security numbers, which could facilitate identity theft. Mackey explicitly confirmed financial data such as credit card numbers or bank routing details remained unaffected, as ALSDE systems do not store such information.

Security teams prevented attackers from fully encrypting departmental servers, averting a ransomware scenario that could have enabled extortion demands or widespread denial-of-service disruptions. All compromised systems were restored using verified clean backups, with additional cybersecurity protocols implemented post-incident. ALSDE affirmed it would not negotiate with or pay ransom to attackers, aligning with FBI guidance. The department established a dedicated webpage (alabamaachieves.org/databreach) and email address ([email protected]) for public inquiries while awaiting final determination of impacted data. Mackey advised educators and parents to proactively monitor their credit reports as a precaution, though formal notifications to affected individuals remain pending completion of the forensic investigation and compliance with legal disclosure requirements. Criminal investigators continue analyzing the attack’s scope and origins, with no attribution or motive disclosed publicly.
