PCS Revenue Control Systems, Inc. (PCS) was hit with a proposed class action lawsuit last week alleging that it discovered a data breach from a hacking attack in December 2019 but failed to notify the affected students until March of 2021.
According to the lawsuit, student information was collected by PCS’s predecessor, Advanced Business Technologies (ABT), which provided food, nutrition, and technology services for K-12 schools. The information alleged to have been collected by ABT and in the possession of PCS after the acquisition included the names, dates of birth, Social Security numbers, and student identification numbers of 867,209 students who attended K-12 schools in Alabama, Florida, Georgia, and Texas. It is unclear why a nutrition vendor needs Social Security numbers of students to provide services.
Although the incident was allegedly discovered in December 2019, PCS sent notification letters to affected students and parents only in March 2021, offering one year of free credit monitoring.
Baltimore County Public Schools shut down Monday and Tuesday following a ransomware attack that paralyzed the school system’s network last week right before Thanksgiving.
According to the Baltimore Sun, officials described the event as a “catastrophic attack on our technology system.” The ransomware attack is reported to have hit the entire Baltimore County Public Schools’ network on Wednesday. The attack caused the 115,000 students who were solely remote learning to have an extended Thanksgiving weekend as schools were shut Monday and Tuesday and will resume on Wednesday.
When resuming school tomorrow, the District is advising students and staff that they can use Chromebooks, but not Windows-based devices while the investigation is ongoing. Students and staff are performing a series of security checks on system-issued devices and any students who need a new device or assistance can get assistance at their local public high school.
According to social media accounts, some teachers have surmised that the ransomware strain involved in the attack is Ryuk, which is well- known to have been involved in previous attacks against municipalities and school systems.
At the present time, the attack is being investigated and it is unknown whether or not any personal student or employee information was compromised.