Cyber Incident Victim: Newberg-Dundee Public Schools
Date:
Jun 2024
Location:
United States of America
Summary
Newberg-Dundee Public Schools experienced a ransomware attack disrupting computer networks and phone systems, reported to federal authorities. The FBI confirmed the incident involved malicious software encrypting data to extort payment, typically targeting sensitive student and employee records. Despite district claims that the attack did not impact their network, they retained a California-based law firm specializing in cybersecurity incident litigation, suggesting potential data compromise. The firm's involvement raised questions about the accuracy of official statements regarding the attack's scope and legal compliance in hiring external counsel. Network outages occurred shortly before the attack's disclosure, though the exact intrusion method remains unconfirmed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 12, 2024, Newberg-Dundee Public Schools announced via district-wide email that its computer network had suffered a cyber attack. Interim Superintendent Paula Radich disclosed the incident one day after her controversial appointment during a school board meeting. The FBI confirmed the attack involved ransomware, malicious software designed to encrypt data and demand payment for its release. District communications indicated immediate operational disruptions, including network outages and inoperable phone lines, initially attributed to an "issue with the internet" in an email from district official Jillian Daley. While the district claimed the attack "not impacted our computer network," the engagement of Constangy, Brooks, Smith and Prophete—a law firm specializing in cybersecurity incident litigation—suggested potential data compromise concerns.
The district reported the incident to federal authorities but did not specify whether student or employee records were accessed. No details emerged regarding ransom demands, payment status, or data recovery processes. Operational consequences included disabled network services affecting administrative and communication systems. The legal firm’s involvement raised questions about potential data exposure, given its expertise in defending clients against lawsuits stemming from compromised personal information. The incident occurred amid leadership transitions and procedural questions regarding the law firm’s retention without explicit board procurement approval. District statements emphasized federal coordination but provided no technical specifics about attack vectors, containment measures, or restoration timelines.