Cyber Incident Victim: Gardiner Public Schools

Date: Nov 2020

Location: United States of America

Summary

Gardiner Public Schools experienced a ransomware attack attributed to the DoppelPaymer threat actors, prompting an investigation with third-party forensic experts to secure systems and assess potential data compromise. The attackers publicly shared three files, including a student accommodation plan, though the full scope of accessed or exfiltrated personal information remains unclear. The district emphasized ongoing efforts to determine data impact while maintaining community transparency.

Description

On or around November 26, 2020, Gardiner Public Schools in Montana discovered a potential data security incident involving unauthorized access to its systems. The district engaged outside legal counsel and third-party forensic experts to investigate the breach, secure affected systems, and assess the scope of compromise. While the investigation remained ongoing at the time of reporting, preliminary findings indicated ransomware involvement. Gardiner Public Schools issued a public statement acknowledging the incident but did not confirm whether data exfiltration occurred, noting the priority was ensuring system security and determining what information might have been accessed. The district committed to providing updates as significant developments emerged and requested community patience during the investigation. This incident occurred amid heightened operational challenges for K-12 institutions managing COVID-19 safety protocols alongside educational responsibilities.

The DoppelPaymer ransomware group claimed responsibility for the attack and demonstrated proof of compromise by publicly uploading three files stolen from Gardiner's systems. One exposed file contained a student accommodation plan detailing specific educational adjustments for an individual learner, indicating the potential exposure of sensitive student records. DataBreaches.net reported the breach but noted uncertainty regarding the full extent of personal information accessed or exfiltrated, including whether staff data was compromised. Gardiner Public Schools continued working with forensic specialists to establish the attack's timeline, identify all affected systems, and evaluate data impact. No ransomware payment demands or network disruption consequences were disclosed in available reports as of the initial statement date.
