Cyber-Incident at South Carolina School District

A school district in South Carolina is investigating a "cyber-incident" that it says impacted hundreds of staff computers.

On October 4, some of the networks of Colleton County School District stopped operating. The unusual activity was detected by the district's information technology staff, who determined that a cybersecurity incident had occurred.

Speaking at the time of the security event, Colleton County School District coordinator of communications Sean Gruber said that because “communication remains intact for the community at large,” student instruction had not been interrupted.

“The district IT staff immediately began investigation and recovery measures and contacted a professional Incident Response and Recovery team to assist,” said Gruber.

The precise nature of the incident has not been made public, but the district has said that no physical security measures in place at Colleton County schools were affected and district facilities remain secure.

On Wednesday, the Colleton County School Board voted unanimously at a special meeting to spend nearly $200K on keeping three cybersecurity companies on the payroll to manage the district's recovery from the incident. 

The board said that approximately 800 computers used by teaching and administrative staff were involved in the incident. The services of a network engineer and a forensics engineer were required to sanitize the machines. 

Dell Support Services, Red Cloak, and Carbon Black will continue to be retained at a cost of $190,520 to carry out approximately 480 hours of work to fix the issue.

The school board said that the recovery efforts will involve working with the district's Active Directory and "shoring up its firewall." 

The vote took place on October 27, eight days after the school board sought legal advice on how to respond to the incident. 

According to a report by Count on News 2, on October 27, the district was still working on "sanitization" efforts and the district networks had not yet returned to normal operations. 

The school board has not added a notice about the cybersecurity incident to its website. The incident is being reported by Live 5 News as a cyber-attack. 
