What cybersecurity incident occurred at Rutherford County Schools?

Rutherford County Schools (RCS) experienced a cybersecurity incident that began on November 25, 2024, affecting their network and system operations. While most services have been restored through backup and recovery protocols, the investigation remains active.

What information was potentially compromised in the breach?

Preliminary findings indicate possible unauthorized access to employee files, as confirmed after a threat actor claimed online to possess personal data belonging to RCS employees. The exact nature and extent of the compromised data remains under investigation.

What response measures has RCS taken?

RCS has restored most services through their backup and recovery protocols and is working with national experts and law enforcement to investigate the incident. They have committed to notifying any affected employees once the full scope of the breach is determined.

Has the nature of the attack been disclosed?

No, the nature of the cyberattack has not been disclosed by Rutherford County Schools.

Incident

Rutherford County Schools reports cybersecurity incident, potential data breach

Q: Was student information affected by the breach?

According to RCS, there is no evidence of compromise to student information systems, and no student personal data has been found posted online.

published: Dec. 13, 2024

Learn More

Rutherford County Schools (RCS) has experienced a significant cybersecurity incident that began on November 25, 2024, affecting their network and system operations.

The district has managed to restore most services through their backup and recovery protocols. The investigation into the incident remains active, with the district working alongside national experts and law enforcement to fully understand the scope and impact of the breach.

The nature of the attack is not disclosed.

Subsequently, a threat actor made an online post claiming to possess personal data belonging to RCS employees. The district has since confirmed that preliminary findings indicate possible unauthorized access to employee files, though the exact nature and extent of the compromised data remains under investigation.

RCS claims that there is no evidence of compromise to student information systems, and no student personal data has been found posted online. They are committed to notifying any affected employees in accordance with legal requirements once the full scope of the breach is determined.

Update - as of 7th of January 2025, more details became available - initially, the Black Suit ransomware group claimed to have attacked RCS Tennessee, but this was later confirmed to be false by the district's spokesperson. Rhysida ransomware group subsequently claimed the attack, which proved to be true.

The incident involved a ransomware attack with a reported ransom demand of $2 million in Bitcoin. After non-payment, Rhysida leaked approximately 60% of 1.2 TB of stolen data.

Exposed Data Types:

Student Health Records:
Physical and psychiatric condition details
Medication information
Physician reports
Allergy action plans
Home study referrals
Special Education Records (SPED):
Psychoeducational evaluations
IQ test results
Academic achievement tests
Social histories
Student IDs and Social Security numbers
Employee Information:
Employment contracts
Direct deposit applications
Social Security numbers
Photo IDs
Academic transcripts

Scope and Impact:

Over 9,000 files in health records folder
Approximately 30,000 SPED-related files
Around 30,000 employee-related files

Rutherford County Schools reports cybersecurity incident, potential data breach

Read More
Seattle Housing Authority hit by NoEscape ransomware gang
Michael Garron Hospital reports ransomware attack and data …
Franklin County, Kansas hit by ransomware attack, exposes …
LockBit gang threatens to leak data of Korean …
Laborers' International Union of North America local 1184 …