Bridgeport Schools computer network falls victim to cyberattack

Bridgeport Public Schools Convocation. August 28, 2017 Bridgeport Public Schools Convocation. August 28, 2017 Photo: Linda Conner Lambeck Photo: Linda Conner Lambeck Image 1 of / 1 Caption Close Bridgeport Schools computer network falls victim to cyberattack 1 / 1 Back to Gallery

BRIDGEPORT — The city school district’s computer network was attacked Friday by a virus caused by an outside entity that intended to hold district data hostage for ransom, district officials say.

Currently, there is no evidence of any data theft in the attack, Jeffrey Postolowski, director of technology services, said in an email response on Tuesday.

Rather, some district data was encrypted by a virus and reportedly held for ransom. How much? Postolowski didn’t say. What kind of data was masked and how much? He wouldn’t say that, either.

Some teachers, however, came forward on Tuesday to say that the data mostly lost has been theirs: years’ work of lesson plans and teaching materials stored on district servers.

“They are unable to access their files,” said one teacher who asked not to be identified.

“I know one teacher who had 18 years worth of teaching materials saved at work, not at home. That would be gone, currently,” the teacher said.

Other teachers, who put materials on Microsoft One or cloud-based platforms, were not affected.

“So my teaching materials are OK,” the teacher said.

Student work reportedly was not compromised because they are kept on a Google Drive.

Neither were the personal data of students or teachers, Gary Peluchette, president of the Bridgeport Education Association, said he was told.

“They are working to get it restored,” Peluchette said after meeting with Schools Superintendent Aresta Johnson.

In his email, Postolowski said he is working with the principal security architect of the District Information Security vendor in conjunction with Multi-State Information Sharing and Analysis Center and law enforcement officials to resolve the incident as quickly as possible.

Board Chairman John Weldon said on Monday he was assured no sensitive information was compromised.

“The way it was explained to me the responsibly party doesn’t have access to the information, just control (of) it,” said Weldon. “They locked us out.”

The attack did not affect emails or the district’s PowerSchool platform which contains student data including grades, officials said.

Johnson said IT staff worked through the weekend to stop the attack which was first noticed on Friday.

On Friday, Johnson said the district’s computer system was “down” in explaining why she could not retrieve last year’s attendance statistics.

Recovery apparently is ongoing, although Postolowski did not say how far the district had gotten in restoring its system or how the restoration was being accomplished.

Postolowski also did not speculate on how the breach may have occurred.

In an message sent to staff Sunday evening, Postolowski said the district was requiring a mandatory password change to get into the system. Staff were also warned not to bring in personal computers and to report any strange activity.

So called ransomware attacks have occurred to other organizations, companies and school districts around the world including several in Connecticut. Ransom is demanded in exchange for unlocking data. In many cases, the victim is presented with a message explaining that their files will only be decrypted once an untraceable Bitcoin payment is paid.

It is unclear if that has happened in Bridgeport’s case.

lclambeck@ctpost.com; twitter/lclambeck