Cyber Incident Victim: Ridgewood Public Schools

On November 5, 2024, Ridgewood Public Schools experienced a cyberattack targeting its computer network during the early morning hours of Election Day. Superintendent Mark Schwarz confirmed the incident via email to district families, stating that unauthorized access attempts by an external entity triggered alerts within the district’s cybersecurity systems. The district’s IT team responded immediately to these alerts, successfully preventing the attacker from gaining access to internal servers or disrupting any operational systems. Initial investigations revealed no evidence of compromise to personal information belonging to students or staff members. However, the attacker did access certain directory information, including encrypted password hashes, which the district emphasized could not be used for direct system access due to their secure encryption. The attack was fully contained within the same day, with no reported operational interruptions to school activities or election-related processes.

The incident resulted in limited data exposure restricted to non-sensitive directory structures and password hashes. As a precautionary measure, the district announced a mandatory district-wide password reset for all users, scheduled to begin the following Monday. Students in grades 6–12 would receive instructions to update their passwords independently, while elementary students would be issued new passwords generated and distributed by the district. Authorities were notified, and the district collaborated with them to investigate the incident further. No additional data breaches or system compromises were identified beyond the initial scope. The district maintained communication with families through the superintendent’s email, directing questions to a designated contact address but providing no further updates at the time of the initial disclosure.