Cyber Incident Victim: Highline Public Schools
Date:
Sep 2024
Location:
United States of America
Summary
Highline Public Schools closed all facilities and canceled activities following a cyberattack that disrupted critical technology systems, forcing operational shutdowns during a significant academic milestone. The district isolated affected infrastructure and is collaborating with third-party experts and government agencies to restore services, prioritizing student safety as the incident caused widespread inconvenience—particularly impacting kindergarten orientations. Central offices remained operational with staff reporting as administrators assessed recovery efforts, while ongoing investigations determined potential impacts on subsequent operations. Serving over 17,500 students and 2,000 staff, the district acknowledged the disruption's burden but provided no details regarding the attack's nature or potential data compromise. Updates on system restoration and further closures were promised pending investigation progress.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Highline Public Schools, a K-12 district serving approximately 17,500 students across 34 schools in Washington’s Burien, Des Moines, Normandy Park, SeaTac, and White Center communities, announced the closure of all schools and cancellation of all activities on Monday, September 9, 2024, following a confirmed cyberattack. The district detected unauthorized activity on its technology systems and implemented immediate containment measures by isolating critical infrastructure to prevent further compromise. This decision disrupted the first day of kindergarten for many families and affected all scheduled school activities, including athletics and meetings, while the district’s central office remained operational with staff instructed to report for duty. Administrators were placed on standby for potential deployment to school sites if required, though instructional operations were deemed untenable without restored systems. Highline emphasized collaboration with third-party cybersecurity experts, state agencies, and federal partners to methodically restore and validate system integrity before resuming normal operations. The district acknowledged the significant burden placed on families and its 2,000+ staff members but reiterated that student safety necessitated the closure until critical systems could be reliably reinstated.
Investigations remained ongoing as of the September 8 announcement, with no public disclosure of the attack’s specific nature, scope of compromised systems, or evidence confirming data exfiltration involving student or staff information. Highline committed to providing further updates by 2:00 p.m. on September 9 regarding potential impacts on Tuesday’s operations, maintaining direct communication channels with affected stakeholders throughout the incident. Contingency measures included relocating a scheduled vaccine clinic to the Matt Griffin YMCA in SeaTac to mitigate community service interruptions unrelated to academic systems. The district directed staff to follow predefined protocols for closure scenarios, underscoring the operational dependency on technology for core educational functions. This incident occurred amid a broader pattern of cyber targeting against educational institutions globally, though Highline’s response focused exclusively on containment, restoration, and transparent stakeholder communication without attributing blame or speculating on motives.