Information Regarding Cybersecurity Incident

Ongoing Information Regarding Cybersecurity Incident
Posted on 11/17/2023

Originally posted November 1, 2023. Updated as of November 17, 2023, 12 p.m.

On October 31, some Jeffco staff members received alarming email messages from an external cybersecurity threat actor - an individual who has allegedly committed an illegal cybercrime against an institution or organization - indicating a cyber event.

Jeffco’s Information Technology team is working together with cybersecurity specialists and law enforcement to determine the scope of the incident. This is a cyber event and there is no concern related to physical safety. 

Jeffco Public Schools takes data security very seriously and has procedures in place to respond to this type of situation given the unfortunate frequency of such incidents across all industries including education. Keeping our students and staff safe and communicating openly with our families are core to Jeffco’s values. 

This webpage will be updated with more information as it becomes available.

November 17, 2023: Cybersecurity Incident Update #4

November 17, 2023 

Dear Jeffco Public Schools Staff and Families, 

We want to express our gratitude for your patience during our review of the October 31 cyber event. We understand that waiting for more information and uncertainty about the scope of the event can be challenging.     

Jeffco continues to work diligently with cybersecurity specialists to determine what applications and data were accessed and how; that investigation is ongoing and will take some time to complete. We acknowledge and share in the desire to know more information than we do today, however, we must allow our specialists to complete their investigation. We are committed to communicating along the way, when there is new information to share.  

Here is what we know today: 

For certain technology applications that are part of the investigation, the review process continues, and information may change based on the ongoing review. 

  • The review of our Human Resources system, PeopleSoft, did not reveal signs of compromise to sensitive data such as staff banking information or social security numbers.  
  • Student ID numbers were accessed. However, these numbers are randomly generated and do not reflect anything identifiable related to students outside of their school record. Please note that Jeffco does not routinely collect parent/guardian and student social security numbers or National ID numbers. 
  • Family banking information used to pay school fees is located in third party systems that have no indication of being accessed.
  • Jeffco will follow all data breach requirements, including notification obligations, contained in Colorado law. 

Remember, if you receive any communication of concern, please notify us immediately by calling JeffcoHelp 303-982-2200 or via our community portal. For more information about improving your online safety, read this helpful resource
  
We will continue to communicate with you and share updates on this webpage. Thank you for your patience and understanding as together we work carefully to keep our district safe and secure. 

In partnership,  

Jeffco Public Schools 

November 7, 2023: Cybersecurity Incident Update #3

November 7, 2023 

Dear Jeffco Public Schools Staff and Families, 

We are aware that some Jeffco families have been contacted via email by an unauthorized actor. We have updated our website with the latest information about the cyber event from October 31 and best practice reminders about how you can keep yourself safe; please take a few moments to review this information.  

As best practice, you should not open email from unknown senders. Jeffco continues to partner with specialists and law enforcement to address the situation.  

We understand it is unsettling to receive communication from this unauthorized actor and it is unfortunate that events like this occur in today’s technology-dependent era. 

Jeffco Public Schools takes data security very seriously and has procedures in place to respond to this type of situation given the unfortunate frequency of such incidents across all industries, including education. 

We will continue to communicate with you and share updates on this webpage as they become available. 

Thank you, 

Jeffco Public Schools 
 

November 7, 2023: Cybersecurity Incident Update #2

November 7, 2023 

Dear Jeffco Public Schools Staff and Families, 

As you are aware, Jeffco Public Schools is reviewing a matter in which an unnamed person claimed to have obtained temporary unauthorized access to certain staff and student online accounts. The district is working with specialists to investigate this matter.  

If you receive any concerning communication based on this matter: 

  1. Do not click on any links 
  2. Do not respond 
  3. Delete the message
  4. Notify us immediately by calling JeffcoHelp at 303-982-2200 or via our community portal.  

For more information to improve your online safety, read this helpful resource.  

Thank you, 

Jeffco Public Schools 

November 1, 2023: Cybersecurity Incident Update #1

November 1, 2023

Dear Jeffco Public Schools Staff and Families,

All staff and students are safe. During the afternoon of October 31, some Jeffco staff members received alarming email messages from an external cybersecurity threat actor – an individual who has allegedly committed an illegal cybercrime against an institution or organization –  indicating a cyber-attack. This is a cyberthreat and there is no concern related to physical safety. 

Jeffco Public Schools takes data security very seriously and we have procedures in place to respond to this type of situation given the unfortunate frequency of such incidents across all industries including education. Keeping our students and staff safe and communicating openly with our families are core to Jeffco’s values. Here is what we know today:

  • Our law enforcement and cybersecurity specialists believe this attack is not unique to Jeffco Public Schools and is linked to attacks against other educational institutions. 
  • The Technology and Data Privacy Advisory Committee (TDPAC) was created to advise the Board of Education on district technology strategies, systems, and overall data governance and we are working with this group in a consultative manner to provide input and guidance to Jeffco’s IT Department.
  • Upon learning about the cyber-attack, Jeffco’s Information Technology (IT) team, in partnership with cybersecurity specialists, law enforcement and others intervened immediately and are working together to determine the credibility of the attack and scope of the incident.
  • Jeffco’s IT team has taken steps to clean out and delete the emails that our system detected from the threat actor.
  • Cybersecurity specialists and law enforcement are unsure at this time how long it will take them to determine the details around the incident.
  • Jeffco will follow all requirements associated with data breaches in accordance with Colorado law.
  • Additional information will be sent via email and will be available on this webpage.

While our teams work to identify the complete scope of impacted records within the incident, we are taking the precautionary measure to require #TeamJeffco staff members to update their Jeffco password by 5 p.m. on Monday, November 6. Staff will receive specific follow-up communication with instructions and support for completing their password reset. We will work with schools to educate students about digital citizenship and the importance of strong passwords and regular password changes.

Our communication timeline will be informed by our law enforcement partners and cybersecurity specialists to ensure the integrity of their investigation. We will balance this with prioritizing transparency with all of you. If you receive any communication of concern to you based on this information please notify us immediately by calling JeffcoHelp 303-982-2200 or via our community portal. You can learn more about proactive steps to take to keep yourself cyber safe. 

I am proud to serve Jeffco Public Schools as we work together to take preventative and proactive measures to investigate the situation and ensure data security for our Jeffco community. Thank you for your patience and understanding and for helping us keep our district safe and secure. 

In partnership, 

Jill K. Ibeck

Chief Information Officer

Jeffco Public Schools


Frequently Asked Questions

Updated November 17, 2023

Q. Why is the investigation taking time? 

A. Jeffco Public Schools continues to work with specialists to investigate the October 31 cyber event; the investigation is ongoing and will take some time to complete. The investigating team is working comprehensively and with urgency to perform the work necessary to understand the matter. 

Q. What data is affected? 

For certain technology applications that are part of the investigation, the review process continues, and information may change based on the ongoing review. Jeffco will follow all data breach requirements, including notification obligations, contained in Colorado law. 

A. Certain staff and student data may be affected. It will take time to complete the review, identify the full data set, and contents of that data. Jeffco will update affected stakeholders consistent with Colorado requirements. 

Here is what we know as of November 17, 2023:

  • The review of Jeffco's Human Resources system, PeopleSoft, did not reveal signs of compromise to sensitive data such as staff banking information or social security numbers.  
  • Student ID numbers were accessed. However, these numbers are randomly generated and do not reflect anything identifiable related to students outside of their school record. Please note that Jeffco does not routinely collect parent/guardian and student social security numbers or National ID numbers.
  • Family banking information used to pay school fees is located in third party systems that have no indication of being accessed. 
  • Jeffco will follow all data breach requirements, including notification obligations, contained in Colorado law.  

Q: How do I know if I was impacted by the cybersecurity incident?

A: The information we have shared is all we know at this time. Once law enforcement and our cybersecurity specialists have completed their investigation, Jeffco will follow all data breach requirements, including notification obligations, contained in Colorado law.

Q: What happened on October 31?

A: Jeffco Public Schools is reviewing a matter in which an unnamed person claimed to have obtained temporary unauthorized access to certain staff and student online accounts. Shortly after learning about this matter, we took steps to confirm the security of the accessed accounts and immediately began a thorough review.

Q: How did Jeffco respond to the matter?

A: As soon as the district learned about this matter we notified staff and families, notified law enforcement, began collaborating with specialists, started a review to determine what occurred, and began a districtwide process to reset all staff and student passwords.

Unfortunately claims of unauthorized access to accounts is not uncommon in today’s digital age. Like other impacted organizations, the district is working with specialists to thoroughly review the situation and respond appropriately, including the reset of all student and staff passwords.

Q: Who is responsible for the event?

A: The party responsible for this matter has not been identified. This matter has been referred to law enforcement.

Q: Was this a ransomware event?

A: No, this was not a ransomware event. By definition, A ransomware event locks up or encrypts files so organizations can no longer access them. A ransom, usually in the form of cryptocurrency, is demanded to restore access to the files. 

Q: Is it safe to use school computers and accounts?

A: Yes. The district reset staff and student account passwords on Friday, November 3. Staff began assisting students with logging into their accounts on Monday, November 6.

Q: What if I receive a suspicious email about this matter?

A: We are aware that parents have received suspicious emails from an unknown actor. If you receive a suspicious email, do not click on any links or attachments, and please notify us immediately by calling JeffcoHelp at 303-982-2200 or via our community portal. We also recommend that you delete the suspicious email to protect your account. Notifying Jeffco if you receive suspicious emails helps us determine scope and share pertinent information with law enforcement. 

If you unintentionally clicked on a suspicious email, links, and/or attachments, you may consider resetting your password as a precaution.

Q: Has law enforcement been notified?

A: Yes, federal law enforcement was notified. The suspicious email some parents received has also been shared with federal law enforcement.

Q: Will Jeffco pay the extortion demand?

A: No. Based on the advice of specialists, Jeffco is not paying the extortion demand. We have no assurance that paying the demand would lead to a positive outcome. In addition, making this payment would only serve as an incentive for this type of illegal behavior. It is not in our community’s best interest or the interest of any possible future district that may become the victim of this type of event.

Website by SchoolMessenger Presence. © 2024 SchoolMessenger Corporation. All rights reserved.