Cyber Incident Victim: Tyngsboro High School
Date:
Oct 2020
Location:
United States of America
Summary
A Massachusetts school district experienced repeated internet outages disrupting remote learning, determined by IT professionals and a cybersecurity provider to result from a DDoS attack originating from a device brought onto the Norris Road campus daily. The incident interrupted educational efforts despite the district's successful adaptation to pandemic challenges, with investigations involving state education officials, an IT solutions firm, and local police to determine whether the disruptions were intentional or caused by a compromised device. Superintendent Dr. Michael Flanagan expressed frustration over the impact on students, families, and staff, emphasizing confidence in resolving the situation while acknowledging the significant disruption to the academic environment.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In October 2020, Tyngsboro High School and middle school in Massachusetts experienced repeated internet outages disrupting remote learning during the COVID-19 pandemic. Superintendent Dr. Michael Flanagan confirmed the district’s IT team and cybersecurity provider determined the outages resulted from distributed-denial-of-service (DDoS) attacks rather than internal hardware failures or issues with their internet service provider. Investigators traced the attack source to a device physically brought onto the Norris Road school campus each morning, though they could not immediately confirm whether the device was intentionally used for sabotage or had been compromised without the owner’s knowledge. The disruptions occurred despite the district’s prior efforts to establish stable remote learning systems, with Flanagan noting the attacks had undermined what had been a successful start to the school year under challenging pandemic conditions. Sandwich Public Schools, another Massachusetts district, faced similar connectivity issues starting October 8, initially misattributed to firewall failures before confirming a DDoS attack.
Tyngsboro’s outages triggered a multi-agency investigation involving state education officials, a contracted IT solutions company, and local law enforcement. Flanagan publicly expressed frustration over the disruption to students, families, and staff, emphasizing the community’s collective efforts to maintain education amid pandemic-related challenges. The district did not disclose technical specifics about the attack vector or mitigation steps beyond collaborating with external experts. No data breach or system compromise beyond service disruption was reported. Sandwich Superintendent Pamela Gould separately notified parents that their district’s issues were externally caused and involved FBI Cyber Crime Unit assistance. Both incidents highlighted the vulnerability of school networks to DDoS attacks during a critical period of reliance on remote learning infrastructure.