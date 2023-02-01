Tucson Unified School District administration said it is taking "essential steps to secure our network and ensure confidential information remains safe."

The written statement, issued Tuesday night, was the district's first substantial comment about a data security incident since reporting it Monday morning. The statement did not directly answer questions posed to TUSD on whether any personal information about the district's more than 42,000 students and 7,000-plus employees was compromised.

TUSD officials have declined to answer any questions about the incident, citing direction from lawyers as the reason they are being tight-lipped as the investigation continues.

Here is their Tuesday night statement, unsigned by any administrator in particular, in its entirety:

"Protecting the security and privacy of personal information is of the utmost importance to Tucson Unified School District.

"Early Monday morning we experienced a data security incident, which impacted some of our systems. Upon learning of the issue, we immediately commenced an investigation and began working with national external cybersecurity experts who regularly analyze these types of incidents. The forensic investigation is in its early stages and is ongoing. We appreciate the patience of our community as we take essential steps to secure our network and ensure confidential information remains safe.

"TUSD schools are fully functioning and students have access to the tools they need to continue their learning and stay on track. We greatly appreciate our staff working with us to develop alternative learning plans and using hotspots, as needed until the systems are fully restored.

"Tucson Unified School District is taking this matter very seriously and continues to take significant measures to protect the information that we maintain. We apologize for the inconvenience; we will provide updates as the investigation and restoration process continues. We appreciate your patience and understanding as we work to get all systems back to normal.

"Thank you. TUSD Leadership"

Teachers' union president gives some info

Margaret Chaney, president of the Tucson Education Association, said Tuesday she believes some of the employee information stored in the district’s network includes phone numbers, addresses, Social Security numbers, and certification and disciplinary records. She added that more sensitive material, like student medical records, are likely stored in different servers.

“I’m not so concerned about that because I know that the district is well aware of the issues that are ongoing with that ... and they’re doing whatever they can to keep that safe, I’m sure,” Chaney said.

Among the questions from the Arizona Daily Star that TUSD administrators declined to respond to involved the nature of the incident and the kind of data stored in its network services.

“For the moment under the direction of legal counsel, we are unable to comment further," Superintendent Gabriel Trujillo told the Star in an emailed statement midday Tuesday.

The Tucson Police Department confirmed it was assisting in the investigation but referred all questions to TUSD.

Ransomware image, demand

Some TUSD students were circulating a photo on social media of a message that schools throughout the district allegedly received Monday through school printers. The message in the photo stated the district’s systems “were hit by Royal ransomware.”

Royal, according to the Australian Cyber Security Centre (ACSC), is a “ransomware variant that is being used by cybercriminals to conduct ransomware attacks against multiple sectors and organizations worldwide.”

Once the attackers hack into the victim’s network, ACSC states, they encrypt the victim’s data, lock the network in an unusable format, and demand a ransom to return access to the sensitive files.

ACSC says Royal ransomware was first detected in September 2022, has targeted critical Australian infrastructures, and is likely associated with Russian-speaking criminals.

Royal, according to ACSC, communicates with its victims by sending a ransom note to printers in the victim’s network and storing a file in place of all files that have been encrypted in that network. This note then informs the victims how to communicate with Royal to deliver ransom.

The message in the photo circulating on social media after the TUSD incident stated network data had been encrypted and copied and could be published online for anyone to see.

To prevent that from happening, the note states, the victim can pay a “modest royalty” to have Royal decrypt the files, restore the data and keep the information confidential.

Lower student attendance

Chaney said the lack of internet and network access resulted in lower student attendance in some sites and some teachers adjusting their lesson plans to manage without certain resources and programs.

“Unfortunately, I do believe that a lot of the resources are now all online and so that creates some barriers here and there, I think, for certain subjects,” she said, noting that substitute teachers would likely have a more difficult time delivering lesson plans without the access to the online resources that teachers leave for them.

But, she said teachers are resourceful and creative, and would be able to adjust their classroom activities as the district works on resolving the issue.