Cyber Incident Victim: Mountain View Los Altos High School
Date:
Jan 2020
Location:
United States of America
Summary
A cyber attacker breached the Mountain View Los Altos High School district's digital systems, disrupting operations by locking teachers and administrators out of their Microsoft accounts and other essential platforms including Gmail and Aeries. The incident forced staff to collect attendance manually while district officials confirmed no immediate threat to student accounts. System access remained restricted for educators and administrative personnel as the district responded to the attack.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 6 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On January 30, 2020, Mountain View Los Altos High School (MVLA) experienced a cybersecurity incident when an unidentified attacker breached the district’s digital systems. The breach resulted in widespread disruption as many district teachers and administrators were locked out of their MVLA Microsoft accounts, impeding access to critical operational platforms. In some cases, the compromise extended to other essential accounts, including Gmail and Aeries, a student information system used for grading and attendance management. The immediate impact forced staff to revert to manual processes, with attendance recorded on paper during the morning of the incident. MVHS Principal David Grissom confirmed the breach but indicated no evidence suggested student MVLA accounts were compromised at that stage. The attack specifically targeted administrative and faculty access points, highlighting a disruption to institutional workflows rather than direct student data exfiltration. No details regarding the attacker’s methods, motives, or entry vectors were disclosed. The incident underscored the district’s reliance on interconnected digital systems, as the loss of Microsoft account functionality cascaded into broader operational limitations.
The school’s response centered on maintaining basic operations while investigating the scope of the breach. Staff adapted to offline procedures for core functions like attendance tracking, reflecting the immediate practical consequences of the system lockdown. Principal Grissom’s public acknowledgment aimed to provide transparency while reassuring stakeholders about the integrity of student accounts, though no technical basis for this assurance was elaborated. The incident remained under investigation, with no further public updates regarding containment measures, data recovery, or restoration timelines. The reliance on student journalism—via the MVHS Oracle—for initial reporting indicated limited official communications during the early stages of the incident. Impacts appeared confined to operational disruptions rather than disclosed data loss or financial harm. The breach exemplified the vulnerabilities in educational IT infrastructures, where compromised administrator accounts can swiftly impede daily academic functions without necessarily escalating to student data compromise.