Cyber Incident Victim: Oklahoma City Public Schools

On September 24, 2018, Oklahoma City Public Schools (OKCPS) disclosed a disruption to its student information system caused by a denial of service attack targeting Infinite Campus, the third-party provider hosting the district’s parent portal. Infinite Campus, described as one of the largest student information system providers in the United States, experienced the attack on its infrastructure, which impaired access to web-hosted applications for its customers, including OKCPS. The district confirmed the incident affected its ability to provide portal access to parents and guardians but emphasized the event did not constitute a data breach. OKCPS explicitly stated Infinite Campus had not been hacked, indicating the disruption stemmed from the denial of service attack’s impact on service availability rather than unauthorized data access or system infiltration. The attack specifically targeted the web-hosted applications, limiting functionality for districts relying on Infinite Campus’s platform.

The incident resulted in operational limitations for OKCPS and other Infinite Campus customers, restricting access to the parent portal used for student-related information. OKCPS communicated the nature of the disruption to stakeholders, clarifying that no evidence suggested compromise of student or staff data. The district’s public statements focused on distinguishing the service interruption from a security breach involving data exfiltration or system intrusion. No additional technical details regarding the attack’s duration, mitigation measures, or specific impact scope beyond the parent portal were disclosed in the available reporting. Infinite Campus’s role as a centralized service provider meant the attack affected multiple educational entities simultaneously, though OKCPS was the only district explicitly named in initial reports. The district maintained transparency about the service outage while reiterating the integrity of its data systems remained intact.