author photo
By Bruce Sussman
Thu | Sep 5, 2019 | 7:33 AM PDT

The Flagstaff, Arizona, school district had a surprise message for its nearly 10,000 students: stay home Thursday, because of a cyberattack.

The message from the District appeared on its Facebook page and was quite cryptic:


The message, which appeared at about 6 p.m. Wednesday, left parents with a whole bunch of questions. First and foremost, could they trust this post on Facebook?


Now there's something to think about in your incident response communications plan: when you tell your customers about your cyber incident, will they even believe it is true?

Flagstaff School District reveals it is a ransomware attack

While the District left parents guessing on its official social media sites as to what exactly the "cyber security issue" was, it started telling Arizona news outlets that it was ransomware.

On Wednesday night, Zachery Fountain, Associate Director for Communications and Public Relations for the school district, confirmed to FOX 10 that ransomware meant the district had to take down internet access for all school and facilities.

"We do not take the closing of schools lightly, and made the decision because losing internet access would impact a number of systems and redundancies that keep our schools operational on a day to day basis," Fountain wrote.

Some parents questioned the timing of the announcement, which will leave families scrambling for someone to watch their kids. The District not only canceled classes but also all childcare, preschool, and after school activities.

This led to the types of Facebook comment debates you see about almost anything these days:


Ransomware attack on Flagstaff schools: days after breach disclosure

When it comes to the Flagstaff Unified School District and cybersecurity, it has been a rough start to the fall. 

The September ransomware attack follows a data breach notification the District posted on August 20, after a former third-party vendor exposed District information.

Personally identifiable information was released during a data security incident via the Pearson AIMSweb 1.0 platform—a system that FUSD no longer uses. Information released included the first and last names of students and employee first and last names, FUSD employee email addresses, and, in limited cases, employee ID numbers.

That breach impacted about 6,500 students and more than 300 teachers, according to the District.

SecureWorld recently published a story on a U.S. Chamber Commerce report, Business Cyber Risk Report: We Must Do More About Third-Party Risk Management. 

As we've heard security professionals discuss at SecureWorld conferences, that includes asking your vendors how and when they scrub your data from their networks when you are no longer a client of theirs.

Are cyber attacks the new snow days?

Some on the Flagstaff Unified School District's Facebook page did ask if the ransomware attack that canceled school was being treated like a snow day.

Let's hope successful cyberattacks don't become as common as snowstorms.

[RELATED: Florida, the Ransomware State?]

[RELATED: Baltimore, $18 Million Later: 'This Is Why We Didn't Pay the Ransom']