Cyber Incident Victim: Selma Unified School District
Date: Aug 2020
Location: United States of America
Summary
A ransomware attack targeted Selma Unified School District, disrupting systems overnight and locking access to critical infrastructure including the student information system. While no data theft was confirmed, the incident forced a complete network shutdown to contain and remove the threat, resulting in extended system outages that interrupted online instruction. Staff did not engage with the attackers, leaving their demands unspecified, and restoration efforts were prioritized to recover operational capabilities amid the disruption.
Description
On August 28, 2020, Selma Unified School District in California experienced a disruptive ransomware attack that compromised critical systems overnight. The intrusion targeted the district’s network infrastructure, specifically locking access to the student information system and other operational platforms. Ransomware—a type of malware that encrypts data or systems until a payment is made—was confirmed as the attack method, though the perpetrators’ specific demands remained unclear as district staff did not engage with the hackers’ communication attempts. Initial assessments indicated no evidence of data exfiltration, suggesting the primary impact was operational disruption rather than information theft. The attack’s timing during overnight hours allowed it to propagate before detection, forcing an immediate emergency response at the start of the school day.

In response to the incident, district IT personnel initiated a full network shutdown to isolate and eradicate the ransomware threat, a containment strategy that left all systems offline throughout Friday. This prolonged outage severely disrupted virtual instruction, compelling teachers to abruptly terminate online classes due to inaccessibility of essential platforms. Restoration efforts focused on cleansing infected systems and restoring functionality, though the extent of technical damage was not publicly detailed. The district’s decision to sever network connectivity prioritized threat elimination over service continuity, reflecting the severity of the compromise. No further details regarding financial demands, data recovery timelines, or attribution were disclosed in initial reports, with the immediate consequence being a full day of lost instructional time during remote learning operations.
