Cyber Incident Victim: Fairfax County Public Schools
Date: Sep 2020
Location: United States of America
Summary
Fairfax County Public Schools experienced a ransomware attack attributed to the Maze threat actors, who listed the district on their leak site and provided proof of exfiltrated files. The district confirmed the compromise of some technology systems and initiated an investigation with the FBI and external security experts to assess potential impacts on data, including personally identifiable information of students, staff, and families. With approximately 187,000 students and 25,000 staff affected, the district emphasized its commitment to protecting sensitive information and prosecuting responsible parties, though the full scope of data exposure remained undetermined at the time of disclosure.
Description
Fairfax County Public Schools (FCPS), a large Virginia school district serving approximately 187,000 students and 25,000 staff members, confirmed it was targeted in a ransomware attack in or around September 2020. The ransomware group Maze publicly listed FCPS on its data leak site during that period, providing samples of allegedly stolen files as proof of system compromise. External inquiries by media outlets prompted FCPS to acknowledge the incident publicly, though the district offered minimal operational details at the time of disclosure. FCPS Director of News & Information Lucy Caldwell confirmed the district had initiated an investigation and notified its community via an official website statement. The district’s public communication indicated ransomware had been deployed on unspecified technology systems but did not describe the initial attack vector, duration of unauthorized access, or specific systems compromised. FCPS characterized the threat actors as cybercriminals linked to global ransomware operations targeting educational institutions and corporations. The district engaged cybersecurity experts to assess the breach scope and collaborated with the Federal Bureau of Investigation (FBI) on the criminal investigation.

The district’s ongoing forensic investigation had not yet determined whether personally identifiable information of current or former students, staff, or families was accessed or exfiltrated at the time of public disclosure. Maze’s continued listing of FCPS on its leak site suggested the district did not meet ransom demands, increasing the likelihood of further data exposure. FCPS committed to prosecuting responsible parties through law enforcement channels and emphasized its focus on protecting community data. The incident created operational uncertainty for stakeholders due to the lack of confirmed details regarding data impact, though the district’s scale—encompassing historical records beyond current enrollment and employment figures—heightened potential exposure risks. No system restoration timelines, specific containment measures, or academic disruptions were detailed in available public statements. The investigation remained active with external partners to establish the full technical and informational consequences of the intrusion.
