Cyber Incident Victim: Pascagoula-Gautier School District
Date: Oct 2020
Location: United States of America
Summary
The Pascagoula-Gautier School District experienced a ransomware attack by the DoppelPaymer group, which compromised a student data server that did not hold Social Security numbers. Investigators could not confirm whether data was exfiltrated, and no ransom was paid. The attackers subsequently published extensive files, including student details such as names, contact information, grades, and disciplinary records, alongside employee data with full Social Security numbers, salary, and benefits information. While financial and nutrition records remained secure, the breach exposed sensitive personal information affecting thousands of students and staff members.
Description
On October 20, 2020, the Pascagoula-Gautier School District in Mississippi suffered a ransomware attack attributed to the DoppelPaymer threat actor group. The district, serving approximately 7,000 students across 19 campuses, promptly initiated an investigation with its Information Systems Department and the Mississippi Army National Guard Cyber unit. Investigators confirmed that servers containing financial records and child nutrition data remained uncompromised. However, they identified a breach of a student data server that did not contain Social Security Numbers (SSNs). The investigation could not conclusively determine whether student data or other network information had been exfiltrated. District Superintendent Rodolfich publicly stated no ransom was paid to the attackers. Initial communications to the community emphasized uncertainty about data theft while asserting critical financial systems remained secure.

In the weeks following the attack, DoppelPaymer published stolen data from the district on their leak site. The dump included multiple files containing sensitive information on students and staff. One spreadsheet contained records for over 6,500 students with fields including student IDs, full names, demographic details, contact information, parent/guardian relationships, and academic indicators, though password fields were empty and no SSNs appeared in this dataset. A separate file disclosed behavioral incident reports from August to October 2020, listing student names, schools, and disciplinary outcomes. The employee records exposed in the breach were more sensitive, containing full SSNs, salary information, benefits details, and employment contracts. While some student data might qualify as directory information under district policies, the release of parent contact details and staff SSNs represented confirmed privacy violations. DataBreaches.net’s preliminary analysis noted the presence of SSNs in multiple employee files but could not complete a full assessment of the dump’s contents by the time of reporting. The attackers did not label this as their final data release, leaving open the possibility of additional disclosures. The district had not confirmed whether it had notified affected staff about the exposure of their sensitive personal information at the time of the article’s publication.
