Several East Texas school districts may have been infected by a security breach in their computer systems. A Texas Department of Agriculture employee’s computer was attacked, and since the department overseas school lunch programs, schools could have been affected.
From Texas Department of Agriculture
Summary of Ransomware Attack Incident and Recommended Action
On October 26, 2017, a Texas Department of Agriculture (TDA) employee’s state-issued laptop computer was compromised through a malicious ransomware attack. As a result, students in school districts throughout Texas may have been potentially impacted by the breach. The information exposed on the employee’s laptop included names, social security numbers, home addresses, birthdates, and personal phone numbers of the affected students and their families. To date, TDA’s Information Security Officer (ISO) has identified more than 700 students whose sensitive personal information was, or is reasonably believed to have been, exposed to acquisition by an unauthorized person.
It is important to note that, to date, TDA’s ISO has not discovered any evidence to suggest misuse of the information that was compromised by the ransomware exploit.
To mitigate this potential exposure, TDA’s ISO recommends that the affected students, or parents of the affected students, if minors, contact the three major credit bureaus and activate a fraud alert on behalf of the students impacted by ransomware attack.
Notices are available on TDA’s Square Meals website for the children’s parents or guardians that are impacted by the ransomware attack. (Section 521.053(f) of the Texas Business and Commerce Code).
Please view the list below of affected schools and school districts with students who have been potentially impacted by the successful ransomware.
Independent School Districts Impacted by ransomware attack
BIG SANDY ISD-DALLARDSVILLE
LAKE DALLAS ISD
NEW DIANA ISD
ORE CITY ISD
PILOT POINT ISD 2
DALLAS COUNTY JUVENILE
DEPARTMENT PINEYWOODS COMMUNITY ACADEMY
ENNIS ISD PONDER ISD
ETOILE ISD PRINCETON ISD
GILMER ISD SLIDELL ISD
GLADEWATER ISD ST MARY OF CARMEL SCHOOL
GUNTER ISD ST GEORGE SCHOOL
HARLETON ISD TERRELL ISD
HARRISON COUNTY JUVENILE SERVICES UNION GROVE ISD
JEAN MASSIEU ACADEMY UNION HILL ISD
References – Applicable State Law:
Section 521.053(b) of the Texas Business and Commerce Code – requires notice to a
person whose sensitive personal information was, or is reasonably believed to have
been, acquired by an unauthorized person.
Section 521.053(f) of the Texas Business and Commerce Code – authorizes alternate
notification via electronic mail, if the person providing notice has electronic mail
addresses for the affected persons; conspicuous posting on the entity’s website; or
broadcast on major statewide media.
Section 521.002(a) of the Texas Business and Commerce Code – defines PII as
information that alone or in conjunction with other information identifies an individual,
including an individual’s name, social security number, date of birth, government-issued
identification number, mother’s maiden name, personal address, driver’s license