Cyber Incident Victim: Bay Shore School District
Date:
Sep 2020
Location:
United States of America
Summary
A cyberattack disrupted computer services for students and staff in the Bay Shore school district, causing intermittent operational interruptions that impacted remote and in-person learning activities. The incident involved a distributed denial-of-service (DDoS) attack targeting system functionality rather than data theft, with no evidence of a breach identified. Similar attacks affected neighboring districts, including Lindenhurst, where disruptions interfered with livestreamed classes and caused instability for remote learners. Authorities were notified, citing potential federal penalties including fines and imprisonment under computer fraud laws. Technical teams collaborated with service providers to mitigate the attack, while historical context referenced a separate ransomware incident in another district where hackers demanded payment to restore system access.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In late September 2020, the Bay Shore School District experienced a cyberattack that disrupted computer services for students and staff. Superintendent Joseph Bond confirmed via the district's website that the incident constituted a distributed denial-of-service (DDoS) attack designed to flood the district's computer systems rather than steal information. The attack caused intermittent service disruptions across district buildings, directly impacting instructional and operational activities. These disruptions occurred during heightened reliance on digital systems due to remote learning requirements under the COVID-19 pandemic. Bond noted similarities between this incident and cyberattacks targeting other Long Island school districts in preceding weeks, specifically referencing Lindenhurst School District's DDoS attack reported earlier that same week. Technical staff collaborated with external service providers to restore functionality, though the district did not disclose the attack's exact duration or technical specifics. No evidence indicated compromised data or system breaches.
The district initiated law enforcement involvement, with Bond stating authorities would investigate under the federal Computer Fraud and Abuse Act, which carries penalties including imprisonment and fines up to $500,000. Such cases typically escalate to the U.S. Department of Homeland Security. Bond publicly acknowledged staff resilience, thanking teachers for maintaining instruction and technology personnel for mitigation efforts. Contextual references highlighted regional vulnerabilities, including Lindenhurst's attack that blocked teacher livestreams to remote students and caused visible classroom interruptions, alongside Rockville Centre School District's unrelated 2019 ransomware incident involving an $88,000 payment to hackers. Bay Shore's disclosure emphasized operational restoration priorities over financial extortion or data theft concerns.