A pair of Maine public school districts faced cybersecurity issues over the weekend, officials announced Monday.
South Portland Public Schools took down its internet network Sunday after a breach threatened student data, the district said in a letter to parents and families.
The decision came after the school department’s cybersecurity service detected a network break over the weekend. Director of technology Andy Wallace said in a letter sent Monday morning that the decision was made to protect “student and other data.”
Wallace later said the breach appeared to stem from an IP address in Bulgaria but did not appear to have left lasting impacts on the district’s network.
Breaches are relatively uncommon, but not unheard of, among public schools. Wallace said the actors behind Monday’s incident did not appear to have specifically targeted the school and were likely looking for vulnerable networks wherever they could be found.
“It didn’t feel personal. It felt like ‘Oh darn, we got unlucky,’” Wallace said on a phone call Monday evening. “We’re schools. We’re not Fortune 500 companies.”
Much of the district’s sensitive information, including human resources data and financial systems, is operated offsite and outside the compromised network, Wallace said. He said the hacker accessed the district’s remote access server before gaining access to the firewall.
But accessing the firewall triggered an alarm Sunday afternoon, Wallace said.
The district contracts with Blue Spruce Technologies, Inc., a New Hampshire-based firm that provides remote monitoring for potential threats, which called Wallace shortly after the breach was first detected Sunday, he said. That service, funded by a state Department of Education grant last year, gave the district time to shut off its network and assess possible damage, Wallace said.
“While we can’t with certainty know the intention of the attacker, it seems — after having an outside expert analyze the access logs and activities — that they were more intent on discovering different computer networks and equipment, rather than gathering personal private data,” Wallace said in an email to the Press Herald.
Schools were open as scheduled Monday because all phone and security systems were operational. Following “a very early and busy morning,” internet service was restored before classes began, Wallace said.
Also over the weekend, an email address belonging to a student at MSAD 51, which includes Cumberland and North Yarmouth, was hacked and used in an attempted phishing scam by “an unknown user outside the US,” Superintendent Jeff Porter said in a letter to families. The unauthorized user sent an email to roughly 1,400 district accounts, though many messages were filtered as spam.
The administration was notified Monday morning that the student’s email account had been automatically locked over the weekend. “That’s when we dug into it and discovered that it was locked for a reason,” Porter said by phone Monday night.
The emailed message included a link regarding a remote job offer and requests for personal information, including phone numbers and private email addresses, Porter said.
“Due to this being a possible attempt to connect with students online, for safety purposes this has been referred to the Cumberland Police Department,” he said in the statement.
Sgt. Antonio Ridge of the department said he was not familiar with the incident Monday evening but said the department might have more details on Tuesday. Porter said administrators referred the issue to two school resource officers, who began the investigation but may not have alerted the entire team.
Porter said the fraudulent email was “a good reminder” of how to avoid phishing scams.
“We actually teach how to be aware of phishing attempts,” Porter said. “This was a good opportunity for re-educating everyone.”
Wallace said the two incidents were “totally different” in their nature and unlikely to be related.