Cyber Incident Victim: Davenport Community Schools

In September 2022, Davenport Community Schools in Iowa experienced a week-long internet outage initially attributed to "server repairs." Superintendent TJ Schneckloth addressed the disruption publicly on September 13, framing it as technical maintenance. By October 4, the district revised its statement to confirm a cyberattack had occurred, crediting its IT staff and unnamed national experts for defending against the intrusion. The district asserted no evidence indicated personal information was compromised and explicitly denied any ransom payment, though it did not clarify whether a ransom demand had been made. Despite these assurances, the threat actor Karakurt—previously flagged in a CISA alert—listed the district on its clearnet and dark web sites, claiming possession of 845 GB of stolen data including a "massive array" of student personal information. Karakurt threatened to release this data but provided no proof of claim by the article’s November 1 update.

The incident disrupted district operations for approximately one week, forcing reliance on offline systems. Davenport Community Schools maintained its position throughout, reiterating on September 30 that no personal data was exfiltrated and no ransom was paid. Independent inquiries by DataBreaches.net to both the district and Karakurt yielded no responses, leaving the conflicting claims unresolved. Karakurt’s public posturing remained unsubstantiated, with no proof pack or sample data published to validate its assertions. The district did not disclose technical details about the attack vector, containment measures, or the scope of affected systems beyond acknowledging the internet outage. No further updates from either party were reported by early November, leaving the veracity of Karakurt’s claims and the full impact of the incident unverified.