Highline Public Schools this week confirmed that the cyberattack that caused the closure of all schools for three days in early September, 2024 was due to ransomware, prompting an extensive investigation and network recovery effort.

According to the FBI, ransomware involves a type of malicious software – or malware – that prevents organizations from accessing computer files, systems, or networks, and demands they pay a ransom – usually in untraceable bitcoin – for their restoration. 

The district said that it immediately engaged a third-party cybersecurity forensic specialist and notified the FBI, which is now involved in the ongoing investigation. Due to the sensitivity of the matter, officials said they are unable to provide specific details regarding the law enforcement aspect of the investigation.

As we previously reported, the Sept. 7 attack caused the district to close schools for three days, cancel athletic events (including forcing Highline High to forfeit a football game to Kennedy on Sept. 14) and more.

The hack involved unauthorized access to Highline’s digital network, but did not impact the physical safety of students, staff, or school facilities, the district emphasized. Student safety measures remain firmly in place.

Also around the same time of the district’s cyberattack, the Port of Seattle also suffered from a ransomware attack where hackers demanded $6 million in bitcoin, which the Port refused to pay.

In response to this incident, the district plans to re-image all district-provided Windows devices and require all staff and students to update their network passwords. This process will begin the week of Oct. 14, as the district works to gradually restore access to key tools and services. A team of technicians will visit school sites to facilitate the re-imaging and ensure a smooth transition back to full network functionality.

Highline is also taking preemptive measures to protect employees’ personal data. While the investigation continues to assess whether any personal information was exposed, the district is offering all employees a complimentary 12-month credit and identity monitoring service. Employees who wish to take advantage of this offer can contact the district’s Human Resources Department.

The district is focused on securing its network and preventing future incidents, though officials declined to provide specific details on the security measures in place.

“To protect the integrity of our environment, we do not disclose the security measures protecting our network,” the district stated.

Highline’s technology services team is expected to share additional information regarding restoration timelines for schools and departments in the coming week, with the first wave of tools becoming available to staff and students starting Oct. 14.

The district reiterated that it is committed to notifying individuals in writing should the investigation reveal that personal data was compromised in the attack.

The district also announced that it will make up school closures on May 27, June 20 and June 23. The last day of school is now set for June 23, but that date may change if there are additional missed days of school.

“We appreciate the quick action of our technology team in helping us recover from this incident,” the district said. “We are also grateful for your patience while we continue to conduct a thorough investigation.”

More details on the cyberattack can be found in a FAQ on the district’s website here.

Founder/Publisher/Editor. Three-time National Emmy Award winning Writer (“Bill Nye the Science Guy”), Director, Producer, Journalist and more...

Leave a comment

COMMENT POLICY: Please use your real name and remain civil – no attacks. Since it's an election year, comments that campaign or complain about candidates will NOT be approved. Try writing a thoughtful, informed, intelligent comment that would make your Mom proud.

Your email address will not be published. Required fields are marked *