State Education Ministry hit by cyberattack

MONTGOMERY, Alabama – The Alabama State Department of Education was recently the target of a cyberattack, Superintendent Eric Mackey announced Wednesday.

The attack was stopped by state cybersecurity officials, but not before some student and teacher data was stolen. Mackey said the department is currently investigating the extent of the data that was accessed and said he could not comment publicly on the background on the advice of his legal counsel.

“(The department) immediately began working with state and federal law enforcement, the Alabama Attorney General, the Alabama Office of Information Technology, and an independent contractor who is considered an expert in anti-hacking measures to strengthen our cyber defenses and determine what data, if any, was compromised,” Mackey said at a news conference. “The criminal investigation is ongoing.

“Services have been restored and additional cybersecurity protocols have been added to the system. When it is determined what data may have been compromised, relevant parties will be notified in full compliance with applicable reporting laws and best practices.”

Data that may be stolen could include personally identifiable information such as names, addresses and social security numbers. Such information can be used for identity theft. Mackey said he encourages all educators to monitor their credit scores, just to be safe.

Financial information such as credit card numbers or bank routing numbers were not part of this data theft, he said. Such information is not stored in the ALSDE system.

“We don’t have any bank information or routing numbers in our system, so it’s not possible for anyone to access it,” Mackey said.

Mackey said security personnel were able to stop the attack before hackers managed to fully penetrate the department’s servers and re-encrypt the system in a way that would have allowed them to demand a ransom payment.

“Because our team was able to interrupt the hackers and prevent them from encrypting the server, they were unable to conduct a denial-of-service attack. All data was restored using clean backups,” Mackey said. He added that, on the advice of the FBI, ALSDE will not pay hackers for stolen data.

Mackey said he regrets he cannot provide more information, but encouraged individuals and the media to visit the department’s landing page www.alabamaachieves.org/databreach or send questions to (email protected).