School website provider Finalsite says no data theft in ransomware incident
A spokesperson for Finalsite, a company that provides web hosting services for K-12 schools and some colleges, said Monday that it’s largely recovered from a ransomware incident detected last week that prompted it to take thousands of client schools’ websites offline.
The spokesperson, Morgan Delack, also said there was no evidence any of the data contained on the thousands of sites it deactivated amid the attack was taken by malicious actors, though she said the company only handles information that’s already publicly accessible, like school calendars and staff directories.
“We do not keep credit card numbers, academic records, Social Security numbers,” she said.
Delack also told reporters during a virtual press conference that the website outages experienced by the company’s clients — including 3,000 public schools in the United States — occurred because Finalsite “proactively took everything offline” after detecting the network intrusion last Tuesday.
Every school, she said, has had its website restored, as the company has “rebuilt [operations] in a clean environment.”
Delack said Finalsite is being advised by its outside attorneys and a consulting firm, Charles River Associates. She said the company has identified the type of ransomware that prompted the incident, but declined to name it and said she could not give other details on Finalsite’s security and risk-assessment practices. She also did not say if the attack is being investigated by state or federal law enforcement.
She did say that while the thousands of school websites Finalsite operates are operational again, some have not had all their content restored, as the company rebuilds its file-upload manager. Delack said that process involves moving “terabytes of info” and said the company is “staying away from a concrete timeline.”
Cybersecurity incidents involving K-12 schools continue to be a pressing concern for state IT agencies, though industry experts estimate a vast majority of attacks originate with vendors. The K-12 Cybersecurity Resource Center and the K12 Security Information Exchange estimated last year that upward of three-quarters of data breaches at schools were connected to a tech vendor.
