Cyber Incident Victim: Lindenhurst School District

In late September 2020, the Lindenhurst School District experienced intermittent internet outages disrupting its network operations. Superintendent Daniel Giordano confirmed through a community letter that the district’s Network Operations Center had identified the cause as a Distributed Denial of Service (DDoS) cyberattack. This type of attack involved flooding the district’s systems with excessive data traffic to overwhelm internet resources and render them unusable. The disruptions occurred during the preceding week, though the exact start date wasn’t specified. Giordano characterized such attacks as commonplace against businesses and government entities, emphasizing their intent to create operational disruption rather than to compromise sensitive information. He explicitly stated no personal data breaches occurred during the incident. The intermittent outages directly impacted the district’s internet-dependent services, though specific affected systems beyond general network connectivity weren’t detailed.

The district formally reported the cyberattack to the Suffolk County Police Department under provisions of the Computer Fraud and Abuse Act, which classifies DDoS attacks as federal crimes punishable by imprisonment and fines up to $500,000. Following New York State protocols, Suffolk County Police were responsible for escalating the case to the Department of Homeland Security for investigation. Throughout the incident response period, the Network Operations Center implemented corrective measures to stabilize internet services, continuing these efforts into the week following the attack’s disclosure. No threat actor attribution, ransom demands, or specific technical mitigation strategies were disclosed in the public statement. The superintendent’s communication focused on confirming the attack’s nature, legal repercussions for perpetrators, and assurances of data security while acknowledging ongoing service restoration work.