Cyber Incident Victim: Des Moines Public Schools
Date: Nov 2022
Location: United States of America
Summary
Des Moines Public Schools experienced a ransomware attack that disrupted network operations, prompting the district to cancel classes and take systems offline. The incident compromised personal information, including financial account details, of approximately 6,700 individuals. While no evidence of financial fraud emerged, affected parties were offered credit monitoring services. The district refused to pay the ransom, engaged third-party forensic experts, and collaborated with law enforcement during restoration efforts. Operational impacts included prolonged system outages affecting teaching tools, administrative functions, and communications, requiring offline learning for an extended period. Security enhancements were implemented following the attack to prevent future incidents.
Description
Des Moines Public Schools (DMPS), Iowa's largest school district serving over 31,000 students and 5,000 employees, experienced a cybersecurity incident initially detected on January 9, 2023. The district identified unusual network activity and responded by immediately taking all internet and networked systems offline as a precautionary measure, disrupting access to critical operational and educational tools. This action necessitated the cancellation of classes district-wide on January 10 and 11, 2023, marking the first multi-day closure due to a cyber incident. Athletics and activities were partially disrupted, with home events canceled while away events proceeded. Telephone systems remained operational, enabling limited communication. By January 12, partial restoration allowed classes to resume with offline learning, though networked resources like WiFi remained unavailable. Key systems including Infinite Campus (student data management) and district communications tools were prioritized for restoration, with staff gradually regaining limited internet access. The academic calendar was adjusted, extending the first semester to January 20 and setting the final school day to June 2, 2023, to compensate for lost instructional time.

Subsequent investigation revealed the incident was a ransomware attack that began as early as November 24, 2022, with unauthorized access persisting until detection on January 9, 2023. Forensic analysis confirmed data exposure affecting nearly 6,700 individuals, including students, staff, and at least one Maine resident. Compromised information included names combined with financial account numbers, credit/debit card details, and associated security codes or passwords. DMPS engaged third-party cybersecurity specialists, coordinated with its cyber insurance provider, and sought guidance from the FBI throughout the investigation and recovery. No ransom was paid, consistent with expert recommendations and district policy. By June 19, 2023, affected individuals received mailed notifications and offers of 12-month complimentary credit monitoring through TransUnion, though no evidence of financial fraud or identity theft linked to the breach had been identified. Restoration efforts spanned several weeks, with full network recovery executed cautiously to prevent reinfection, while the district implemented additional technical safeguards to strengthen data security post-incident. Operational impacts extended beyond education, affecting transportation, building operations, health services, and food distribution systems during the network outage.
