Cyber Incident Victim: Whitehouse Independent School District
Date:
Jul 2021
Location:
United States of America
Summary
Whitehouse Independent School District experienced a cybersecurity incident involving unauthorized access and data exfiltration by the Vice Society threat actor group. The attackers publicly dumped stolen data on the dark web after claiming the district failed to respond to their communications. Compromised information included extensive personnel records covering current and former employees, job applicants, and substitute teachers spanning multiple years, containing names, addresses, Social Security numbers, payroll details, benefits documentation, and corrective action files. Student records were also affected, exposing sensitive educational documents such as graduation planners, academic achievement reports, transfer student files, and disability accommodation plans containing personally identifiable information. The district engaged third-party forensic specialists and law enforcement but did not publicly confirm specific details about the scope beyond acknowledging potential compromise of employee and student data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 6 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around July 8, 2021, Whitehouse Independent School District (ISD) in Texas publicly disclosed a cybersecurity incident involving unauthorized access to its computer systems. The district’s statement indicated the disruption was contained immediately upon discovery, with third-party forensic specialists engaged to investigate the scope and restore secure operations. While the investigation remained ongoing at the time of the statement, preliminary findings confirmed the compromise of limited student and employee records, potentially including personally identifiable information such as home addresses, phone numbers, and Social Security numbers (SSNs). Law enforcement and legal counsel were notified to coordinate response efforts, and the district directed inquiries to Communications Specialist Nikki Simmons. The threat actor group Vice Society claimed responsibility for the breach, stating they publicly dumped all exfiltrated data on the dark web after receiving no response from the district during negotiations.
The data dump, reviewed partially by DataBreaches.net, contained over 18,000 files exposing sensitive information spanning more than a decade. Employee records included current and former staff details, with files dating back to 2007 containing job applicants’ names, addresses, and full SSNs. Personnel databases from 2015, 2016, and 2020 listed hundreds of employees per year with similar identifiers, alongside substitute teacher records from 2010–2020. Payroll documents, corrective action files from 2017 onward, and benefits records—such as Texas retirement system forms—were also compromised, revealing employee dependents’ names, dates of birth, and SSNs for over 2,000 individuals. Student data included REACH Personal Graduation Planners and Texas Achievement Records with names, birthdates, addresses, SSNs, grades, course histories, and class rankings. Approximately 150 academic records for 2020–2021 graduates, 130 transfer student files from 2019–2020 (including immunization and family details), and confidential 504 Accommodation Plans for students with disabilities were among the leaked materials. The district faced mandatory notifications to thousands of affected individuals, though no specific timeline or completion status was provided in the available sources.