Lufkin ISD Safeguarding Data After Attack


The Lufkin Independent School District (ISD) – a public school district based in Lufkin, Texas – is executing a long-term holistic review of the district’s systems to protect against cyber risks.

In 2021, Lufkin ISD was targeted by hackers based in the Netherlands who gained control of four security camera servers, and then in turn accessed, moved, and encrypted data from the district’s virtual servers. School district staff became aware of the hack on a Monday morning when they couldn’t log into their systems, but the scope of the problem quickly revealed itself to be far more severe.

The sensitive data of 11,000 of the district’s staff and students had been stolen and the district had lost control of functions such as air conditioning, registration, and grade administration. The hackers demanded $1.5 million in bitcoin to restore access.

“When you get into work and see the ransom notes and demands from threat actors, it drives home 11,000 people are counting on me and my department,” Brad Stewart, chief technology officer of the Lufkin School District, said in a statement.

Stewart said he faced three immediate challenges: he needed to recover the stolen data; he needed to discover the source of the breach; and he needed to ensure a ransomware attack like this couldn’t happen again.

In response, Stewart reached out to Dell Technologies to utilize the company’s Incident Response and Recovery services for recovery, and Managed Detection and Response services to improve the district’s security posture.

Stewart and his team – alongside their Dell Technologies support – were able to lock out the ransomware attackers and recover staff and student data.

After the ransomware attack, the team ran an evaluation of the district’s digital environment – from the IT infrastructure to its backups – identified security concerns, and implemented appropriate fixes. The singular solution they came up with was 24/7 monitoring.

The Lufkin ISD team had previously been unable to monitor its network due to a lack of personnel. The district decided to onboard Dell’s Managed Detection and Response software as part of an integrated service to monitor suspicious activity within their environment, alerting them if a threat is malicious or requires their attention.

In addition, Lufkin ISD hired a cybersecurity analyst responsible for reviewing the Dell Managed Detection and Response dashboard each day.

“If any issues occur, the analyst can collaborate with Dell to remediate them,” Stewart said. Following the vulnerability and uncertainty of the ransomware attack, he added, the addition of the new collaboration and support system is bringing him peace of mind.

“What started as a highly critical, time-sensitive crisis management situation has now transitioned into a longer-term, holistic review of the district’s systems [and] a strong, lasting relationship,” Stewart concluded.