Friday, February 17, 2023 – Cybersecurity Update

As you know, last month Des Moines Public Schools was the target of a cyber-attack. Back on January 9, we became aware of suspicious activity in some of our computer systems, and immediately took steps to stop that activity, including shutting down many parts of our networked systems. We engaged third-party cybersecurity experts to assist with investigating and restoring all systems as quickly and securely as possible. We also sought guidance from the FBI and are being advised by the threat intelligence community to ensure our investigation and restoration is conducted with integrity.

We take the importance of protecting the data we maintain very seriously, and we follow strict protocols to provide the highest levels of data security for our students, families and staff.

Since that time, we have been responding to the cyber incident on two fronts: Restoration and Investigation.

The first front has been our staff, along with a team of outside IT experts, working to restore those systems as quickly and securely as possible. On that front, much progress has been made to restore systems. Our student data management system has remained available to teachers and staff. Our staff and vendors are being paid. Our communications tools are functioning. Network connections at our buildings are reestablished.

While we are excited to share all that we are learning and the strategies to harden our network environment and strengthen our cyber security posture, we will not. Industry research and cyber intelligence tells us that any organization, including DMPS, which has experienced a ransomware attack is 80% more likely to be hit again within six months. We know threat actors are following us more closely through the remediation and recovery from this event and will look for opportunities to exploit any information shared on public platforms.

Please rest assured and know that we are leveraging every resource to ensure we are following industry standard and best practices. We take the responsibility of securing with the upmost seriousness.

The second front in responding to this cyber-attack has involved working with a team of third-party forensic specialists to investigate the nature and scope of the attack. I have two updates to share with you today about that on-going investigation.

First, while we assumed from the beginning that this was a ransomware attack, I can confirm that this was, indeed, a ransomware attack. However, as stated previously, this is an on-going investigation and therefore I cannot provide specific details.

Second, our partners in cyber intelligence have determined that this incident resulted in the exposure of some of the data that we maintain. We are in the process of reviewing that data, which includes identifying, to the best of our ability, individuals who may be affected. They will be notified via U.S. mail and offered complimentary monitoring services.

I want to reiterate that the investigation into the incident is ongoing and as you know from covering similar incidents in Iowa, this process can take months to completely resolve. As that work continues, we will be notifying any and all individuals if more are found to have any personal information exposed by this attack.

Finally, it seems that a week does not go by without a report of a cyber-attack impacting everything from major retailers to financial companies to public agencies. It is easy to become complacent about such incidents. We do not want people here to become complacent. We want people to take some simple steps to protect their information if they receive a letter from us. While I apologize for the concern and inconvenience this has caused and am grateful for the patience and understanding people have shown, please know that if we learn that information about you has been taken from our systems, we are going to let you know as soon as we can.

Click here for more information.