U.S. Highline Public Schools Hit by Cyberattack Forcing Class Cancellations

• Highline Public Schools was the victim of an unclaimed cyberattack that suspended all school activities.
• School officials isolated critical infrastructure and began an investigation into the scope and nature of the attack.
• Today, a follow-up announcement is expected to inform attendees whether the disruptions continue tomorrow. 

Highline Public Schools was hit by a cyberattack that forced the district to cancel classes on Monday due to "unauthorized activity" detected within its technology systems, as per a public notice, underscoring the increasing vulnerability of educational institutions in the U.S.

School officials isolated critical infrastructure, and despite the lack of specific details regarding the nature of the cyberattack, all school activities, including athletics and meetings, remain suspended. 

The cyberattack's timing was particularly disruptive, coinciding with the eve of the first day of kindergarten for many Highline families, as it serves more than 17,500 students in Burien, Des Moines, Normandy Park, SeaTac, and White Center in Washington State.

While the investigation continues, school administrators are expected to report to work, with central office staff potentially deployed to assist in managing the disruption. The district has assured the community that updates will be provided on Monday to confirm whether the cyberattack will impact Tuesday's operations.

The district has engaged third-party cybersecurity experts and is collaborating with state and federal authorities to safely restore and rigorously test their systems before resuming operations.

This incident at Highline Public Schools is not isolated but rather part of a broader pattern of cyberattacks targeting U.S. educational institutions. The Cybersecurity and Infrastructure Security Agency (CISA) has identified schools as attractive targets due to the vast amounts of sensitive personal and financial data they store. 

According to CISA, on average, Kindergarten to Twelfth (K-12) schools experience more than one cyber incident per school day. 

The Highline incident follows recent attacks on other school districts, such as the Kershaw County School District in South Carolina and Van Buren Public Schools in Michigan, and serves as a stark reminder of the pressing need for enhanced cybersecurity measures across the K-12 sector.

Recently, a new Fog ransomware variant was discovered to target US sectors, 80% of them being in education. Threat actors were able to access victim environments by leveraging compromised VPN credentials.

According to Verizon’s 2024 Data Breach Investigations Report, the educational services sector faced a significant threat from malware, hacking, and social engineering, with incidents in 2023 reaching 1,780, of which 1,537 involved confirmed data disclosure.