What Happened?
On June 17, Information System (IS) staff at the Alabama State Department of Education (ALSDE) interrupted and stopped an attack on the department’s computer system. IS professionals were able to interrupt and stop the attack before the hackers could access all the targeted servers and lock down our own computer system.
However, the hackers were able to breach some data and disrupt our services before our staff interrupted and stopped the attack. ALSDE immediately began working with state and federal law enforcement, the Alabama Attorney General, the state’s Office of Information Technology, and an independent contractor known as an expert in anti-hacking response to fortify our cyber defenses and to assess which data, if any, were compromised. The criminal investigation is ongoing, and this page will be updated with new information upon the conclusion of the investigation.
What Information Was Involved?
As mentioned, the criminal investigation is ongoing. While we still do not know the exact content of the information, it is possible that the hackers accessed some personally identifiable information. The ALSDE does not collect information such as direct deposit and bank account information. When it is fully determined which data may have been compromised, this site will be updated in full compliance with applicable notification laws and best practices.
Data affected in this event did not involve accounts maintained by the Retirement Systems of Alabama (RSA).
What Are We Doing?
Like other public schools, agencies, hospitals, and businesses that have been hit by criminal syndicates, it is disappointing and disheartening to learn that hackers were able to break through our security system to access data. In consultation with law enforcement, we have taken the position not to negotiate with foreign actors and extortioners. On principle the Federal Bureau of Investigation (FBI) never recommends paying off the hackers. Since our team was able to interrupt the hackers and keep them from encrypting the server, they were unable to instigate a denial of service. All data have been restored using clean backups. We have taken additional steps to secure data. At this time, we cannot detail any of the steps we have taken due to the nature of the investigation and the sensitivity of sharing security measures publicly. At the conclusion of the investigation additional updates may be made to this page.
What Can You Do?
The Federal Trade Commission (FTC) recommends that you place a free fraud alert on your credit file. A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts. Contact any one of the three major credit bureaus. As soon as one credit bureau confirms your fraud alert, the others are notified to place fraud alerts. The initial fraud alert stays on your credit report for one year. You can renew it after one year.
Equifax: equifax.com/personal/credit-report-services
or 1-800-685-1111
Experian: experian.com/help or 1-888-397-3742
TransUnion: transunion.com/credit-help or 1-888-909-8872
Ask each credit bureau to send you a free credit report after it places a fraud alert on your file. Review your credit reports for accounts and inquiries you don’t recognize. These can be signs of identity theft. If your personal information has been misused, visit the FTC’s site at IdentityTheft.gov to report the identity theft and get recovery steps. Even if you do not find any suspicious activity on your initial credit reports, the FTC recommends that you check your credit reports periodically so you can spot problems and address them quickly.
You may also want to consider placing a free credit freeze. A credit freeze means potential creditors cannot get your credit report. That makes it less likely that an identity thief can open new accounts in your name. To place a freeze, contact each of the major credit bureaus at the links or phone numbers above. A freeze remains in place until you ask the credit bureau to temporarily lift it or remove it.
We have attached information from the FTC’s website, IdentityTheft.gov/databreach , about steps you can take to help protect yourself from identity theft. The steps are based on the types of information exposed in this breach.
If you identify someone is opening new accounts using your information, you should report it to the local police and the FBI at IC3.gov
Other Important Information.
We will update with more information once we complete the investigation.
For More Information.