Cyber Incident Victim: Duneland School Corporation
Date:
Oct 2021
Location:
United States of America
Summary
The Duneland School Corporation, an Indiana school district, experienced unauthorized system access potentially resulting in data acquisition. Compromised files contained sensitive personal and health information from employment records and self-insured health plans, including names, birth dates, Social Security numbers, driver's license details, and benefits data. The district offered affected individuals credit monitoring services through a third party and recommended vigilance in reviewing insurance statements, though the threat actors and total impacted individuals weren't publicly identified.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The Duneland School Corporation, a school district in Indiana, experienced a cybersecurity incident between October 21 and October 27, 2021. On October 27, the district discovered unauthorized access to its systems during that seven-day period. Subsequent investigation revealed that an intruder potentially acquired files containing sensitive information related to the organization’s self-insured health plan and general employment records. The compromised data included employee and dependent names, dates of birth, Social Security numbers, driver’s license numbers (where provided to the district), and benefits information. No evidence suggested student educational records were affected. The incident displayed characteristics consistent with ransomware attacks, though the district did not explicitly confirm ransomware deployment or data encryption.
Upon confirming the breach, Duneland School Corporation initiated a multi-phase response. The district conducted a thorough forensic review of the accessed files to determine the scope of exposed personal information. It issued public notifications through its website and direct communications to impacted individuals, urging vigilance in monitoring health insurance statements for suspicious activity. Affected parties were offered complimentary credit monitoring and identity restoration services through Kroll, a third-party risk mitigation firm. The district did not disclose the total number of notified individuals or specify whether data exfiltration occurred alongside system access. Law enforcement involvement and technical details regarding intrusion methods remained undisclosed in public statements. No ransomware group claimed responsibility for the incident at the time of initial reporting.