Cyber Incident Victim: Groton Public Schools
Date: Feb 2024
Location: United States of America
Summary
The Groton Public Schools experienced a cyberattack that caused a district-wide internet outage, detected when one school lost connectivity. Technology staff identified the attack within minutes and activated a disaster recovery plan, restoring 90-95% of services within six hours. The district collaborated with local police, the Department of Homeland Security, technology vendors, and cybersecurity insurance teams for forensic investigation and legal guidance, maintaining limited public disclosure due to the incident's sensitivity. Systems were fully restored following the response.
Description
On the morning of February 1, 2024, Groton Public Schools experienced a cyberattack targeting its network infrastructure, resulting in a district-wide internet outage. Director of Technology Clint Kennedy received an alert at 6:30 a.m. indicating one school had lost internet connectivity, which he deemed unusual given the district’s monitoring systems for both district-wide and individual school internet access. Kennedy immediately contacted the network manager, and within 20 to 25 minutes, they confirmed the outage was caused by a malicious network attack. The district activated its pre-established disaster recovery plan to contain the incident and restore services. Approximately six hours after detection, internet access was partially restored, covering 90-95% of the district’s systems, though the recovery did not achieve full functionality. Kennedy noted the response timeline represented a significant improvement compared with prior cyber incidents in other Connecticut districts such as Hartford, East Lyme, and Stonington.

Groton Public Schools maintained collaboration with multiple external entities throughout the response. Kennedy confirmed ongoing coordination with local law enforcement, the U.S. Department of Homeland Security, and the district’s technology vendor to investigate the attack. The district also engaged two specialized groups through its cybersecurity insurance provider: one conducting forensic analysis of the incident and another providing legal guidance on regulatory obligations and response protocols. No further technical details about the attack vector, attacker identity, or data compromise were disclosed publicly due to investigative sensitivities. The district’s technology systems were fully operational following the restoration efforts, with no additional disruptions reported after the initial containment. Kennedy emphasized the effectiveness of the disaster recovery plan during the Board of Education update on February 5, though he acknowledged the partial restoration indicated room for procedural refinement.
