Ransomeware Notificiation

Notice of Data Breach

Washington Central Unified Union School District (WCUUSD) experienced a criminal cybersecurity attack. The privacy and security of student and employee/staff and related information is a top priority for us and we are working diligently to deal with this incident. We sincerely apologize for any inconvenience this may cause you.

On October 24, 2021, the School District learned it was the victim of a cybersecurity attack. The attackers deployed malware causing the encryption of certain School District systems and files, and accessed or acquired certain documents in our systems that likely contain certain student and employee information. We promptly took steps to secure our network and engaged a third-party cybersecurity firm to conduct a forensic investigation into the cause and scope of the attack.  

The elements of personal information of affected students compromised in the attack may have included name, address, date of birth, certain information in the student’s education records, and potentially allergy and prescription information in student files. Student Social Security numbers were not involved in the attack, nor were the credit or debit card number of parents or guardians. 

The elements of personal information of teachers/staff and related individuals compromised in the attack may have included: name, address, date of birth, health insurance numbers, Social Security Number, and in some instances financial account information. At this time, we have no indication that any student or teacher/staff and related information has been used to commit identity theft or fraud.

Since discovering the attack, we promptly took steps to secure our networks and engaged an expert cybersecurity firm to conduct a comprehensive forensic investigation into the cause and scope of the attack. We also contacted law enforcement, including the FBI and the Vermont Attorney General’s office.

Prior to the attack, the School District had been in the process of moving applications and files to cloud environments to enhance security, which substantially reduced the impact of this incident. In response to the attack and in an effort to prevent future attacks, the School District changed passwords, deployed an end point monitoring solution, and began the process of upgrading its virus and malware protections.

In addition to doing our best to communicate to the School District community as promptly as possible, we have been arranging for ID theft and credit monitoring services to help affected persons mitigate harm. Please see below for more information on enrollment at no cost. We also include additional information.

As with any data incident, we recommend that affected persons remain vigilant and consider taking precautionary steps to avoid identity theft, obtain additional information, and protect their personal information. Affected persons who would like to enroll in identify theft and credit monitoring services, should call 866-346-4861 as soon as possible. Representatives are available Monday through Friday from 9:00 am to 5:30 pm eastern time. Please note the deadline to enroll is February 5, 2022.

Again, WCUUSD sincerely apologies for this inconvenience and appreciates your patience as we address this unfortunate criminal attack on our school community.