Lake Oswego School District

The organisation operates as a public school district providing educational services within its designated geographic region. Its core function involves administering multiple schools to deliver primary and secondary education to students in its community. The district manages essential operational infrastructure including email systems, social media accounts, and internal networks to support teaching, learning, and administration. This infrastructure is critical for daily operations and communication between staff, students, and parents. Maintaining the confidentiality and integrity of student and staff data is a fundamental responsibility inherent to its educational role.

The district has faced significant cybersecurity incidents impacting its operations and data security. In July 2020, the Moses Lake School District, comprising 16 schools, suffered a disruptive ransomware attack originating from a phishing email traced to an IP address in Moscow, Russia. Attackers demanded a $1 million ransom, which the district refused. This compromise of data integrity and confidentiality necessitated the rebuilding of over 50 servers and PCs from backups, forcing the district offline for more than two weeks. Earlier, in July 2018, the Lake Oswego School District experienced unauthorized access to an employee email account and its official Twitter account. The compromised email was used to send phishing links to approximately 200 students, while the Twitter account posted an unauthorized ownership change message. While the phishing preceded the Twitter breach, investigators found no confirmed link between the two events, leaving the full extent of potential system access unclear at the time. These incidents highlight persistent threats targeting educational institutions' digital assets.