A cybersecurity breach in the Clark County School District this week has forced some teachers to shift assignments from computers to paper, and has made emails and other files unavailable to staff while off campus. 

CCSD told parents Monday that it became aware of a cybersecurity incident affecting its email environment on approximately Oct. 5, prompting it to launch an investigation with forensic experts and cooperate with an investigation by law enforcement. 

The district said an unauthorized party accessed personal information of a group of students, parents and employees, but there had been no reports of identity theft related to the breach as of Monday. 

The district declined to share further information but said affected individuals will receive a letter providing recommended steps they can take to protect their information.

The incident has led the district to temporarily limit access to its Google Workspace to its internal CCSD network. That means students and staff can only access certain emails and files linked to Google while they're on CCSD property, hampering the ability to work from home. The district said it also implemented a forced password change for all students. 

The cybersecurity incident wasn’t the only technical difficulty for the district this week. On Friday, CCSD said it was experiencing an interruption in its internet service because of construction-related damage and was working with Cox Communications to restore service. 

The level of interruption from the breach has varied across the district. 

Vicki Kreidel, president of the National Education Association of Southern Nevada and a reading teacher at Lomie G. Heard Elementary School in East Las Vegas, said that although students don’t require access to their district-provided Chromebooks while visiting the school’s reading center, her school did have to sacrifice some instruction time early this week to help students reset their passwords. 

She said some teachers have had to adjust assignments that they had previously uploaded onto Canvas, the district’s online learning platform, and print everything on paper. 

Assemblyman Reuben D’Silva (D-North Las Vegas), who’s also a government teacher at Rancho High School, said the shift to pen and paper has had some positives. 

“Some of the students actually said that this is actually making them think and interact with the lesson much more directly than by doing it on Canvas — there's a lot of issues with AI and ChatGPT and copying and pasting answers into the text box for essay responses,” he said. “They just can't do that when you're having an in-class essay where I'm watching them actually complete the essay by hand.”

On the other hand, he said, online platforms make it easier for teachers to grade assignments and upload those grades. 

Rebecca Garcia, a parent of three CCSD students and administrator of a CCSD parents group on Facebook, said she’s heard reports that password changes and assignments haven’t gone as smoothly at other schools. 

“One parent posted that their high school student went to class, and was told, ‘Sorry guys, everything's down. We don't have anything to do today, so just hang out,” she said. 

Garcia said she also has heard parents are frustrated by the lack of communication about whether teachers will be flexible with assignment due dates if students have issues completing assignments because of interruptions caused by the cybersecurity incident. 

D’Silva said he’s being flexible on assignment due dates, but as of Thursday afternoon, hadn’t received directives from district or school administrators on how grading and leniency should be handled. 

D’Silva said the district expects operations to return to normal by next week, but worries if the issues are prolonged that it will have a serious effect on teaching. 

Cyberattacks on school districts

The incident comes three years after CCSD faced a criminal ransomware attack in which a hacker released documents that contained Social Security numbers, student grades and other personal information online after the district refused to pay a ransom. The amount demanded was not disclosed.

The 2020 incident prompted Sens. Jacky Rosen and Catherine Cortez Masto to seek federal resources to help the district respond to the attack and prevent future ones. 

It also follows cyberattacks on MGM Resorts International and Caesars Entertainment last month. 

Doug Levin, co-founder and national director of K12 Security Information Exchange (K12 SIX), a nonprofit organization focused on school cybersecurity, said these types of incidents are happening more frequently. He said that since his organization began tracking cyberattacks in 2016, they have become more severe in terms of the number of individuals who have had their data stolen. 

“Des Moines literally had to shut down their school system for several days in response to a ransomware incident, and it took their IT systems weeks to recover,” he said. “Los Angeles, another very large district, experienced a ransomware incident last year. They did not have to close but they've had to spend quite a significant amount of money in upgrading their cybersecurity systems.”

CCSD hasn’t disclosed whether it has received a ransom demand this year. 

Levin said public entities are prone to cybersecurity breaches because of lack of resources to invest in cybersecurity protection. Another challenge for school districts is the array of device types and softwares required for their everyday operations.   

He said school systems are often targeted by criminal groups that tend to be based in or affiliated with Russia and are primarily interested in getting money through extortion. According to Levin, the ransom amounts can range from hundreds of thousands to millions of dollars. 

Even if school districts don’t pay ransom, he said they can still incur significant costs to recover from an attack and guard against further attacks. 

Tips to protect yourself from cybersecurity attack

It’s unclear just how many in the CCSD community were affected, but Levin said it's possible that past students and employees may also be affected depending on how long the district holds on to their data. 

Levin’s advice for individuals who think they may be affected is to presume that their information has already been breached. 

Levin suggests affected employees and parents look into freezing their as well as their children's credit with each credit reporting agency.

“While credit monitoring can keep you informed when there's issues, freezing your credit will prevent them,” he said. 

He encourages individuals affiliated with the school district to change their usernames and passwords on their personal devices if they use the same login information on district devices and systems. Levin also recommends they set up multifactor authentication on every online account they can, particularly if the account has sensitive information. Such systems send a code to a user’s phone via text or an app that will be needed as part of the login process. 

CCSD pointed individuals who are concerned that they have been a victim of identity theft to state and federal resources. CCSD has a dedicated assistance line at 888-566-5512 that is staffed between 6 a.m. and 6 p.m. Pacific Time, Monday through Friday, excluding holidays, to answer additional questions on the incident.