There has been an increased number of ransomware attacks plaguing government offices, businesses, and ordinary citizens, taking advantage of people working remotely and lax security policies. These groups tend to target their victims by gathering data from targeted emails and data online, infiltrate their networks through phishing or other methods, and then take information as they plant malware that encrypts and locks the user’s data and networks.
Once the ransomware is activated, the hackers then demand money to access the locked information and stop them from posting or selling the stolen information. This information could include trade secrets, client data, financial records, Social Security numbers, bank accounts, and birth dates.
Public school districts are not immune to these ransomware attacks. Very recently, a prominent Florida school district was not spared by these criminals.
One of the country’s biggest school districts’ computer systems was hacked by a group called the Conti gang. They encrypted district data and demanded as ransom an amount of $40 million; otherwise, it would delete the documents and publish students’ and employees’ data online. Conti claims it took from Broward’s framework Social Security numbers, birth dates, student, and representative data. As an educational operation, FERPA, the federal law for education can be an issue.
Broward is the country’s sixth-largest school district and has an annual budget of about $4 billion. They have over 270,000 students. The hackers claimed with a budget in the billions, $40 million was a reasonable ransom to be paid in cryptocurrency. The ransomware caused a short closure of the district’s computer system toward the beginning of March, yet the breach did not disrupt classes.
Data breaches have legal consequences. A business can be sued for data breaches by both customers, and they can face fines from governments and agencies depending on the type of information lost. In addition, businesses face reputational harm. They will also have to investigate and remediate the issues. Security breaches, whether they be large or small, can indeed expose the company to financial and legal troubles. Regulated industries such as health care, finance, and education have federal privacy laws that govern as well.
For one, the costs attached to security breaches are extensive. Companies in response to breaches may be compelled to employ computer forensic specialists to analyze the reason for the breach and gather evidence. Also, organizations may draw in public relations and crisis management experts to handle customers and the general population to save their reputation.
The best practice for any company is to work with a professional to address their policies, people, and technology infrastructure to prepare for the security challenges all businesses face. This includes having your legal counsel oversee your data privacy program.
Contact Timothy Shields at:
Phone: 833-830-HELP (4357)
DISCLAIMER: This article is provided as a courtesy and is intended for the general information of the matters discussed above and should not be relied upon as legal advice. Neither Kelley Kronenberg, nor its individual attorneys or staff, are responsible for errors, omissions and/or typographical errors – always seek competent legal counsel.