Cyber Incident Victim: Los Alamos Public Schools
Date:
Aug 2022
Location:
United States of America
Summary
A cyber incident disrupted Los Alamos Public Schools' network during the first week of school, causing system outages and technical difficulties. An unauthorized intruder accessed systems, potentially compromising personal information, prompting the district to notify affected individuals via mail with details on exposed data, protective steps, and credit monitoring activation codes. The investigation, supported by third-party specialists, remains ongoing to determine the full scope and impacted parties.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On August 8, 2022, during the first week of the school year, Los Alamos Public Schools (LAPS) experienced network outages and technical difficulties that disrupted certain computer systems. The district promptly secured its systems and initiated an investigation into the incident with assistance from third-party computer specialists. By early September, the ongoing investigation confirmed an unauthorized intruder had gained access to LAPS systems, though the full scope and nature of the breach remained under review. Superintendent Dr. Jose Delfin acknowledged the incident was unprecedented for the district and emphasized efforts to identify affected individuals and assess potential risks. Initial public communications focused on assuring stakeholders that systems were stabilized while investigators worked to determine the extent of data exposure. The disruption occurred during a critical operational period as schools resumed in-person instruction, though specific details about compromised systems or duration of unauthorized access were not disclosed.
By December 2022, LAPS identified individuals whose personal information was potentially accessed during the breach and mailed notification letters containing specifics about the exposed data. Recipients received personalized instructions for credit monitoring via activation codes, along with a dedicated support phone number operational on business days. Those not receiving letters were advised their data was likely unaffected, though a verification hotline was provided for confirmation. The district did not disclose the number of impacted individuals or categories of compromised data but confirmed the incident’s occurrence date remained August 8. No ransomware or financial motive was mentioned in official updates, and the investigation’s conclusions regarding attacker identity or intrusion methods were not publicly released. Response efforts prioritized notifying potential victims and offering protective resources while maintaining academic operations.