Officials with the Tucson Unified School District of Arizona have confirmed that a ransomware group responsible for a cyberattack on the district's computer systems last January was able to access sensitive information belonging to their staff, KOLD-TV reports.
School district Superintendent Gabriel Trujillo confirmed that their cybersecurity forensics experts "have reached a point in our investigative efforts where we can confirm that employee information of a confidential and sensitive nature was accessed by the cyber-attackers.
They are now "working to confirm the extent to which this information has been stolen, sold, or published online," Trujillo said.
Federal authorities reported that the ransomware group identified as Royal sent an email to school district officials claiming to have stolen sensitive information of both employees and students, and sent emails to around 150 employees informing them of around 290 GB of data they had stolen with some attachments as proof.
TUSD Executive Director of Technology Services Rabih Hamadeh said they declined to negotiate with the ransomware group and to pay the ransom.