Pueblo County School District 70 is taking steps to address a recent data breach and ransomware attack that may have compromised the personal information of former students of the Colorado school district, as well as current and former staff.
The data compromised in the Pueblo County School District 70 data breach is believed to stem from between 1991 and 2006, and is said to include student and staff records from an undetermined period.
Superintendent Ronda Rein acknowledged the delay of public disclosure of the data breach incident, and confirmed the involvement of federal agencies in its investigation.
Pueblo County School District 70 Data Breach Response
According to one report the district had been notified of the ransomware attack by Sophos on April 27, and a data breach was confirmed by the CIA on May 15. IT technicians and agents from various organizations, including Pueblo School District 60, Colorado State University Pueblo, the CIA, and the FBI, assisted in identifying the affected data.
According to Superintendent Ronda Rein, the district was not allowed to release information immediately due to the involvement of the CIA in the investigation. It’s not clear why the CIA was involved in the matter.
Rein emphasized that the district has taken measures to strengthen its systems and protect personal information. These measures include implementing two-step authentication on staff accounts, removing critical information from local servers to cloud-based servers, and hiring a full-time staff member responsible for cybersecurity.
The district has also limited access to district resources to U.S.-based requests and narrowed its firewall and VPN access to admin staff only.
Advice for Affected Individuals
In its data breach notice, the Pueblo County School District 70 advised students, staff, alumni, and community members to monitor credit reports and financial statements, consider restricting access to their credit report, consider a fraud alert, and protect themselves from suspicious communications. Those seeking additional assistance can contact the district’s IT support team at 719-549-6121.
By taking active measures to strengthen its systems and inform affected individuals, Pueblo County School District 70 hopes to support its community during potential fallout from the data breach incident.
Superintendent Rein stated, “We take the privacy and security of our community’s information extremely seriously.” She added, “We are working diligently with cybersecurity experts to fully understand the scope of this incident and to strengthen our systems against future threats.
The incident notice promoted the use of identity theft protection resources available through Equifax, Experian, LifeLock, and TransUnion, stating that contact information for the mentioned agencies were available on the school district’s website.
“We apologize for any concern or inconvenience this may cause and are committed to supporting our community through this process,” the data breach notice read.
