Cyber Incident Victim: Walled Lake Consolidated School District
Date: Oct 2020
Location: United States of America
Summary
A ransomware attack on Walled Lake Consolidated School District led to the exfiltration and public dumping of sensitive employee and student data by threat actors seeking to coerce payment. The compromised information included personnel records, salary details, teacher contact information, partial birth dates, student IDs and district login credentials, and staff injury reports. The district, focused on system recovery and resuming operations, did not publicly acknowledge the data exposure or confirm whether affected individuals were notified of their identity-theft and fraud risk, even as the attackers progressively released proof of the stolen files.
Description
On or around October 10, 2020, Walled Lake Consolidated School District in Michigan experienced a ransomware attack that disrupted its operations. The district focused on recovering its systems but did not publicly confirm whether data had been compromised during the incident. Threat actors behind the attack began pressuring the district to pay the ransom by selectively leaking stolen data on their dark web site. On October 24, they released a limited set of files as proof of access to the district's systems, explicitly referencing the district's public statements about the attack to validate their claims. Subsequent data dumps included increasingly sensitive information, with threat actors directly quoting and mocking the district's October 27 update about the attack's impact on their return-to-school plans.

The leaked data included salary schedules, personnel records containing certifications and assignments, retirement and resignation documents, and spreadsheets listing teachers' names, assigned classes, contact information, and partial birth dates. Student IDs and district login credentials were also exposed, along with staff injury reports containing personal details. Despite multiple data leaks throughout late October, the district's official communications as of October 27 made no acknowledgment of the data exposure, instead emphasizing system recovery efforts and the challenges posed by the attack's timing. DataBreaches.net attempted to contact the district regarding the initial data dump but received no response, and observed no public warnings to affected staff or students about identity theft risks. The district maintained the attack was "impossible to anticipate" in their statements, while threat actors continued using the leaked data as leverage in their extortion attempts.
