Cyberscam that hit Bloomington school workers puts Minn. districts on defensive

It seemed innocent enough: an e-mail requesting tax information for Bloomington Public School employees. But it ended with sensitive information getting into the wrong hands.

The Bloomington School District was the latest target for hackers looking to penetrate school district cybersecurity defenses and steal personal information.

The phishing scam has left Twin Cities metro-area school districts racing to warn their employees and reviewing their own lines of cyberdefense.

"It is a pretty serious issue when you look at the number of attacks that are happening," said Christopher Buse, chief technology and information officer for the state.

"We are dealing with pretty sophisticated criminals, and the ramifications are pretty profound." The state reportedly spots up to 3 million daily attempts to obtain sensitive information.

Personal information including addresses and Social Security numbers of 2,800 former and current Bloomington schools employees was stolen in the scam on Feb. 10.

A district employee had responded to an e-mail requesting 2016 W-2 tax forms, believing the request came from another employee in the finance department.

The scam was one of several that have ensnared schools locally and nationally. In Manatee County, Florida, school district officials fell for a similar W-2 scheme last week.

As schools rely more and more on technology, districts are investing in protections against cyberthreats and educating employees that their human error could affect the entire school district.

"The best way to prevent a phishing attack is through training," Douglas Levin, founder and president of EdTech Strategies, LLC, a consulting group, said.

School districts are holding staff training on how to identify malicious e-mails and content on their computers. After the attack in Bloomington, the Anoka-Hennepin School District warned employees about the W-2 scam.

Every three years, Minnetonka schools have an external agency perform a test to find any gaps in the district's cyber protections. The district, with more than 10,000 students, has a core technology team of 13 employees.

Anoka-Hennepin spends $35,000 on audits reviewing cybersecurity and about $4,000 educating its IT staff. The district has taken a more formal approach to cybersecurity over the years, said Joel VerDuin, chief technology and information officer.

"We can build systems that we can have a decent amount of control over," VerDuin said. "But when people make decisions you can't always be there to make those decisions. We try on a fairly regular basis to make sure we are educating people."

During VerDuin's five years in the technology department, the district faced a denial-of-service attack when students tried to disrupt school testing. The attack works by flooding machines with large requests for information, which can slow the internet connection.

"We continue to work with vendors and internet service providers to look at ways to prevent those," VerDuin said.

Bloomington has insurance that will mitigate the costs of this week's attack, according to the district.

"When you have that much data both of students and staff personnel ... it is really important that we have that kind of coverage," said Rick Kaufman, a spokesman for the school district. "What we have seen has made it that much more necessary."

In response to the scam, the district contracted with an identity theft agency for additional protection for staff. The district allocated $25,000 for the extra protection.

While some experts say that insurance may appease lawyers, it does not make school districts any less of target for hackers. Anoka-Hennepin schools is in the early stages of discussing cyber-related insurance.

Districts not only have to worry about phishing and denial of service, but "ransomware" attacks, too, in which a hacker blocks computer access until the victim pays up. The Cloquet School District was hit with such an attack last March; the ransom amount was $6,000. The FBI was called in, and Superintendent Ken Scarbrough responded by closing all five schools that day. Since the attack, Scarbrough said the district has upgraded its security system.

"Every district is finding that cybersecurity is a much more important matter to attend to than was previously thought," he said.

Beatrice Dupuy • 612-673-1707