What is the issue?
Attackers breached Paterson Public Schools and stole over 23,103 account passwords and other computer access tokens.
What was stolen?
Attacker contacted the Paterson times
The Paterson times became aware of the breach first even before the school district.
The attacker contacted the Paterson times via an email claiming that he had access to “all information systems” in the district. He then followed up providing screenshots of two district employees’ Outlook email inboxes.
The attacker claimed that the information was stolen in October 2018 and that he still has access to the district systems. The attacker also proposed to sell the stolen data to the Paterson Times but was rejected.
The attacker was reportedly spooked when the Paterson Times said that the information will be used for a news story. Later, the attacker canceled the email account that was being used to communicate with the newspaper.
What’s the conclusion?
While the school district is conducting a comprehensive investigation on the incident, employees are requested to reset their passwords and never reuse passwords across multiple accounts.