Cyber attack on Prince George's County Public Schools compromised 4,500 staff accounts

Prince George’s County Public Schools, one of the largest school districts in the US, said it suffered a cyber attack that disrupted several systems and its daily operations.

Maryland-based Prince George’s County Public Schools is overseen by the Maryland State Department of Education and is one of the 25 largest school districts in the US. The school district recently posted on social media that it was working to restore services following a broad network outage.

“Email and other services may be unavailable. Our team is working diligently to restore the network and we appreciate your continued patience. Updates will be provided as needed,” the school district said on 14th August.

In another post published the following day, the District said that on 14th August, it suffered a cyber attack that resulted in a network outage and enabled cyber criminals to access the user accounts of about 4,500 individuals.

“PGCPS experienced a cyber attack on the system’s network that was detected early Monday morning, Aug. 14. An estimated 4,500 user accounts out of 180,000 were impacted, primarily staff accounts,” the District said.

District officials said that the main business and student information systems, Oracle and SchoolMAX, weren’t impacted by the cyber attack.

“Critical network systems have been restored and additional functions will continue to be brought back online tonight; however, out of an abundance of caution, all PGCPS users will be required to reset their passwords on Tuesday, Aug. 15,” PGCPS said.

The District added that all affected users will be contacted “with further information regarding their accounts pending further review by a team of external cybersecurity experts.”

Several District teachers and staff expressed frustration on social media about being unable to change their passwords or carry out routine activities. The District later shared the process of changing the passwords and shared a number where staff members can call if they have any queries during the process.

The District is yet to clarify on how threat actors infiltrated its network or whether any data was exfiltrated from the accessed accounts. However, it has assured its staff and teachers that it will share more details as and when available.