Cyber Incident Victim: Lowell Public Schools

Date: Feb 2024

Location: United States of America

Summary

A cyberattack targeting Lowell Public Schools was blocked by security software, prompting a precautionary shutdown of all internet access to prevent potential malware spread. While no data was exfiltrated, systems damaged, or ransom demanded, recovery efforts involved restoring internet access, changing passwords, and coordinating with city IT to securely reintegrate systems like MUNIS; the district anticipates full recovery faster than a prior university incident. The School Committee unanimously approved an external security audit to evaluate network protections amid ongoing restoration. Concurrently, migrant student enrollment remained manageable, with state reimbursements supporting services for new arrivals.

Description

On February 28, 2024, Lowell Public Schools experienced an attempted cyberattack targeting a district file server. The district’s cybersecurity software successfully blocked the intrusion attempt, but the information technology department proactively shut down all internet access across the school system to prevent potential malware propagation. Superintendent Liam Skinner confirmed the attack was unsuccessful, with no data exfiltration, system damage, or ransomware compromise. This incident differed from an April 2023 cyberattack on Lowell city systems claimed by the "Play" group, which had caused ongoing municipal recovery efforts. District spokesperson Jennifer Myers reported full restoration of school internet access by late March 7, though IT staff continued visiting schools to reset passwords and verify system readiness. Access to MUNIS—a municipal management system—remained pending city approval for reactivation. Staff retained email, Google Suite, and Aspen/X2 student management system access during the outage.

The disruption lasted approximately one week, with Skinner comparing it to UMass Lowell’s 2021 cybersecurity incident that required two weeks of recovery. Lowell’s IT department deployed Cynet security software across all district computers and collaborated with City Hall’s Management Information Systems to ensure comprehensive security restoration before full system reopening. Superintendent Skinner acknowledged staff frustration but praised their adaptability. School Committee member Dave Conway cited persistent threats in advocating for an external network security audit, a motion unanimously approved during the March 8 meeting. No educational data breaches or ransomware demands occurred, and migrant student enrollment processes—discussed separately in the same meeting—remained unaffected by the cyber incident. City Manager Tom Golden’s team provided direct support throughout the recovery, which Skinner characterized as nearing completion with expectations of outperforming UMass Lowell’s resolution timeline.
