Cyberattack on Maryland school district compromised 4,500 user accounts

A Maryland school district said Friday that personal information of school staff may have been leaked online after a cyberattack hit its network servers earlier this month.

The Prince George’s County Public Schools district, located outside of Washington, D.C., said that it identified the malicious activity on its servers on Aug. 14. The attack impacted about 4,500 out of 180,000 district user accounts, and those impacted were primarily staff accounts.

While the district said in a news release that it did not know how much information was affected, the impacted data did include “identification details,” and it’s reviewing data that may have been compromised. Once that process is complete, the district said it will notify those who may be affected. 

The school system, which is one of the largest in the state with more than 130,000 students enrolled, said it the cyberattack was similar to those experienced by “several school districts nationwide,” and that it is investigating the incident with outside cybersecurity and forensic specialists.

The attack in Maryland occurred amid a rising number cyberattacks and ransomware incidents affecting schools across the country this year. The data of thousands of students from New York City to Minnesota were impacted in the global breach of the MOVEit file-transfer software, which started in May. Earlier this month, the Colorado Department of Higher Education announced the sensitive data of former students, including Social Security numbers, were compromised during a June ransomware incident.

While Prince George’s County Public Schools said it expects the data review will take several weeks, it will provide all staff and students access to free credit monitoring and identity protection services through Experian to help guard against potential misuse of their personal information.