On June 12, 2024, the very next day after the Newberg school board took on interim superintendent Paula Radich in a highly controversial public meeting, Radich announced through a district wide email that the school computer network had been subject to a cyber attack.
As Radich claimed that the attack had been reported to federal authorities, I inquired to the FBI and received the following reply. According to the FBI the cyber attack against the Newberg-Dundee School District was ransomware in nature.
A ransomware attack involves malicious software that encrypts data on a computer system, rendering it inaccessible until a ransom is paid. In public school districts, ransomware typically targets sensitive information such as student records, financial data, and administrative documents. These attacks aim to extort money from the district by threatening to permanently delete or publish the data if the ransom demands are not met. Recovery from such attacks often involves significant IT resources and can disrupt educational operations.
Now is a good time for me to mention that just an hour before Radich had her email sent out to the entire district, the following email was sent by Jillian Daley stating that the district’s computer network and even the phone lines were down, due to an “issue with the internet”,
This is why I find it fairly odd that when I inquired to the school district about if the ransomware attack had resulted in the compromise of any personal data belonging to students or employees, I received a reply back from a California based law firm which I had never heard of before,
This law firm, Constangy, Brooks, Smith and Prophete, has a page where the firm states one of its specialty areas is responding to legal matters related to cyber security attacks, which is peculiar.
If no private data of employees and/or students was compromised, why does the Newberg school district need a law firm that purports to specialize in defending clients against lawsuits from “data security incidents” where private information was compromised?
The tl:dr of all of this is Constangy, Brooks, Smith and Prophete specialize in constructing a narrative to help defend their clients against lawsuits from employees and customers when their data has been stolen by hackers.
Now I’m not a cybersecurity specialist, but I know people who are. I’ve been the CEO of a company that has developed client facing billing software and needed to store customer data in the cloud as part of its operations, so I am well versed in what a ransomware attack is and what is needed to protect server infrastructure against it, as well as other legal issues related to the storing of that private data.
I’ve never heard of a ransomware attack where personal data wasn’t compromised, as that is quite literally the type of data that is ransomed in the first place. So I find the hiring of this law firm by the school district more than a little suspicious and rather contradictory to the claim that the cyber attack has “not impacted our computer network“. If this ransomware attack hasn’t impacted the Newberg school district’s computer network then why does the school district need a California based law firm that specializes in defending against litigation when the client’s network has been compromised?
I’m also, as of this moment, not entirely sure if it’s even legal for the school district to have retained this law firm given that such hirings have to go through a board procurement process during an open session. The Newberg School district already has law firms in retention which have gone through this process, so this should be known to the board and its “interim superintendent”.
As for how this ransom attack happened….there are many scenarios. I would think it is unlikely to be a direct attack that penetrated the district’s firewalls. Most of these kinds of attacks are the result of the network becoming infected when already infected personal devices (like say smart phones or flash drives) are connected to a computer hooked up to the network, and the trojan is sophisticated enough to evade security detection software. These kinds of attacks usually do not occur over night, but are the result of weeks or even months long processes of observing the network activity and collecting data before the hacker(s) announce themselves. But again, I don’t know the full details on what has transpired yet, I am just speculating on how this could have occurred.
While I have my own theories on what is going on here, I cannot say with any certainty other than that the statements of the district are very contradictory and warrant scrutiny.
This story will be updated as more information becomes available.
I believe the entire executive staff and the board, yes this new board, of the Newberg Dundee school district needs to be closely scrutinized. From here on out!