Cyber Incident Victim: Teays Valley Christian School
Date:
Mar 2025
Location:
United States of America
Summary
Teays ValleyChristian School faced a cybersecurity threat after a student received an email demanding the download of a file or a hit list would be distributed from the student’s account. Law enforcement, including the sheriff’s office and the state fusion center, investigated the message as a potential threat. Analysis revealed that the student’s Discord and school Google accounts were compromised, accessed three times by different IP addresses within a short period, with all personal files viewed quickly. The investigation showed a shift in the account’s internet usage from a local provider to providers in three other states after the breach. Authorities determined the threat did not originate from any student or staff member and pledged to identify and prosecute the responsible party while maintaining a visible presence to ensure safety.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On Thursday, March 20, 2025, the Putnam County Sheriff’s Department received a call from Teays Valley Christian School after a student reported receiving an email that threatened to distribute a so‑called “hit list” using the student’s name and email account unless a specific file was downloaded. The sheriff’s office responded to the school that day to assess the situation and began treating the message as a cybersecurity threat. Chief Deputy Shamblin posted on Facebook the following day, March 21, stating that after an initial review the threat appeared not to be credible but that the department was publicizing the incident to prevent the spread of misinformation. In the same post Shamblin noted that the Putnam County Sheriff’s Office had requested assistance from the West Virginia Fusion Center to trace the origin of the threatening email. The Fusion Center, created after the September 11, 2001 attacks to support intelligence sharing among local, state and federal agencies, was asked to analyze the email’s source. On Sunday, March 23, Shamblin updated the community that deputies would be stationed at the school on Monday to ensure a safe environment for students and staff and that law enforcement would remain proactive in protecting the school population.
On Monday, March 24, Chief Deputy Shamblin shared the findings of the West Virginia Fusion Center’s analyst who had examined the student’s computer hardware. The analysis revealed that the student’s Discord account and Google school account had been subjected to a sophisticated attack that resulted in both accounts being compromised. Within twenty minutes of the initial breach, the compromised account was accessed three separate times by three distinct IP addresses, and all personal files stored on the accounts were accessed within seconds. The analyst also observed a clear change in the account’s usage patterns: prior to the March 20 incident the account had been accessed primarily through a West Virginia‑based internet service provider, whereas after the attack connections originated from three different internet providers located in three separate states. Sheriff Bobby Eggleton added that the investigation had determined the threatening message did not originate from any student or staff member of Teays Valley Christian School and affirmed the office’s commitment to identify and prosecute the responsible party. The Putnam County Sheriff’s Office concluded by stating that, based on the ongoing investigation, they believe students remain safe at the school.