TUSD ransomware attack: What families can do

We found a few steps that can dramatically decrease your risk
Published: Apr. 4, 2023 at 10:28 PM MST
Email This Link
Share on Pinterest
Share on LinkedIn

TUCSON, Ariz. (13 News) - Our Investigates Team has confirmed ransomware attackers accessed confidential information of Tucson Unified School District employees. Where does that leave families of students in the district? Though TUSD has not yet said student information was accessed by hackers, without evidence to the contrary, it’s smart to operate as if it was.

”You need to assume the worst and think, if this information whether about myself or my young child gets out could that cause a problem - and a lot of times, that answer is yes,” said Teresa Murray of the US Public Interest Research Group.

There are several ways families can make themselves less attractive targets. First, Murray said everyone involved with an attacked organization should take stock of what data may be at risk. That includes other people who may have been on file.

“Anybody who was listed as an emergency contact, I would let them know, ‘Hey, your phone number, maybe your address, whatever information has been given to the school, potentially has been compromised.” Murray said.

Next, you have to protect against identity theft and phishing. TechTalk Radio’s Andy Taylor says, what cyber thieves really want to do - is be you: Impersonate you convincingly enough to gain the trust of your personal connections, your financial institutions or service providers.

”With just that information - address, phone number, date of birth - at the worst, social security number - all can be engineered to phish other family members,” Taylor said. ”Somebody could call from the school... it might not be the school. So check, double check, and verify, just to be safe.”

One powerful tool is to get a free freeze for you and family members’ credit files with the three major credit reporting agencies - and that includes your kids.

“Freeze their credit files because you say, ‘Gosh, my ten year old is not going to be able to open a credit card in her name!’ Believe me, it has happened. Children’s identities get stolen all the time,” Murray said.

If you do get a notice from the district with recommendation or next steps, TUSD staff was advised to do a credit freeze weeks ago. But PIRG recommends a credit freeze for anyone of any age who has a social security number as a way to dramatically decrease your risk. You must contact each reporting agency separately, using these steps.

You may not be able to control a school district’s security , but you can update your own systems: routers and modems, operating systems and firmware...update all your software with the latest version. Always follow up if you get notified someone else tries to log on. Set every device and site log in to two-factor authentication. These steps make it more difficult, and less likely, for cyber criminals to victimize you. Still, keep up your guard. Even after kids get out of school, stay vigilant and check out anything unusual. Hackers can lie in wait for months to grab an easy target.