Cyber Incident Victim: IC Imagine Public Charter School

On or around May 1, 2023, IC Imagine Public Charter School in Asheville, North Carolina, became the target of a cyberattack. The incident rendered critical operational technology non-functional, specifically impacting the school's phone systems and internet connectivity. The disruption to these essential services was severe enough to compromise the school's ability to conduct normal daily operations and maintain communication channels. The school administration moved to inform parents of the situation on Tuesday, May 2, 2023, detailing the operational failures caused by the attack. The direct impact on communication infrastructure was immediate and total, indicating a significant compromise of the network systems that support these services.

The school's officials were formally notified about the nature of the incident by the North Carolina Department of Public Instruction. This external notification confirmed the event as a cyberattack and initiated a coordinated response effort between the school and the state agency. The involvement of the state department signaled the seriousness of the incident and the need for a higher level of investigative and remedial support. Based on the assessment of the damage and the ongoing investigation, school leadership determined that a closure was necessary to facilitate the response and to prevent further disruption or potential harm. Consequently, a decision was made to cancel all classes and close the school for the entire day on Wednesday, May 3, 2023.

This closure represented a direct and tangible consequence of the cyberattack, disrupting the education of all students enrolled at the charter school. The cancellation of a full school day required the administration to immediately develop a plan to account for the lost instructional time as mandated by educational requirements. The solution devised was to convert a previously scheduled teacher work day on Friday, May 12, 2023, into a Remote Learning Day. This decision necessitated a shift in planning and required the school to commit to providing families with further details and instructions regarding the structure and expectations of the remote learning day in the immediate future, once systems were restored.

Despite the widespread cancellation of classes and the severe degradation of the school's primary technological services, the cyberattack did not completely halt all scheduled activities. Certain events that were independent of the school's compromised infrastructure were able to proceed as planned. Specifically, the Advanced Placement Literature and Composition Exam for students was still administered at its scheduled time of 8 a.m. on Wednesday, May 3. This exam was held at an off-site location, the WRESA facility, which was unaffected by the attack on IC Imagine. This allowed students to complete their important standardized testing without delay or rescheduling, mitigating one potential academic impact.

Furthermore, the school's athletic programs were also able to continue without interruption despite the closure. Both tennis and soccer matches or practices were confirmed to be happening as originally scheduled. The ability of these extracurricular activities to proceed indicated that their operations were not reliant on the internal network systems that were rendered inoperable by the cyberattack. This allowed for a semblance of normalcy for student-athletes and their families during a period of significant institutional disruption. The continuation of these specific events highlighted the selective but severe nature of the systems targeted by the attackers.

The primary technical response to the incident involved a collaborative effort between IC Imagine school officials and the North Carolina Department of Public Instruction. The school's initial communication to parents stated that addressing the issue would likely require several days of concentrated work with the state agency. This timeframe suggested a complex recovery process involving forensic analysis, system remediation, and the restoration of services from backups or through rebuilding compromised systems. The multi-day estimated downtime for phones and internet pointed to a potentially serious compromise that required careful investigation to ensure a secure and complete recovery before bringing systems back online.

The incident had a cascading effect on the school's academic calendar and operational planning. The conversion of the May 12 teacher workday into an instructional day required significant logistical adjustment. Teachers, who would have used that day for planning and professional development, instead had to prepare materials and lessons for a remote learning environment. This change also impacted families, who needed to adjust their schedules to accommodate their students learning from home on a day that was initially intended to be a school closure. The school administration committed to providing more detailed information about the remote learning day to parents and students in the days following the initial announcement, once their own communication capabilities were fully restored.

The cyberattack on IC Imagine serves as a clear example of the vulnerability of educational institutions to digital threats. The direct result was a complete loss of core operational capabilities, including communication and internet access, which are fundamental to the modern functioning of a school. The forced closure demonstrates the very real-world impact that a cyber incident can have, halting education and requiring days of recovery effort. The response was managed in coordination with state-level authorities, underscoring the need for external support in managing such crises. The school's efforts to mitigate the impact on students, particularly by ensuring critical exams and athletics could proceed, show the prioritization of student needs during a disruptive event. The entire incident, from the initial detection and notification to the multi-day recovery and academic rescheduling, outlines a contained but significant disruption to a public charter school's operations caused by a malicious cyber event.