Fairfax County Schools Has Employee SSNs Shared Online By Hackers

As reported By Washington News4, back in September of 2020, a group of hackers going by the name of Maze had gone out and managed to breach the computer network of Fairfax County Public Schools (FCPS).

Now, however, that same hacker group has opted to release a number of social security numbers (SSNs) as well as other details online regarding FCPS’s employees.

At the time of the original hack, there was no telling of the amount of information Maze had managed to steal from FCPS, but the organization had confirmed the attack. When it had originally occurred, an association representing the staff and teachers of FCPS made it clear, however, that they had not been notified about the matter back then as it happened.

In order to prove that it has successfully hacked the network, since it’s very easy to claim something like that without actually doing it, Maze had opted to release a chunk of stolen data to the public. According to the hacker group , this stands as only a snippet of the data it actually holds, and stands as verification to its threat.

The download link to the documents, made on the dark web , was pulled eventually, which experts say stand as an indicator that the victim is negotiating ransom.

The original leaked documents did hold some confidential information, including disciplinary actions against 15 students, but also held small nothings, such as an internal training document, several years old.

Even then, cybersecurity experts were aware that the parents and students weren’t the ones at risk, here. Instead, the employees of the FCPS were subject to the highest level of risk, as the most information on this computer network was regarding them.

Since then, the FCPS had opted to incorporate cybersecurity experts and even the FBI into the fold, in order to try and get this situation under control. In regard to the hack itself, the FCPS stated that both the consultants and the FBI were investigating the scope, nature, and extent of data that could be compromised .

Now, however, the plot has thickened. Maze, regardless of why they decided to do so, had released even more private information on Friday, and stand as far more dangerous data to be made public, especially for FCPS employees.

One of the documents now leaked holds a spreadsheet from back in 2014, showing several hundreds of Social Security numbers, names, and even some health insurance details of FCPS employees. This, in turn, has made them all vulnerable to identity theft.

As it stands now, not much can be done besides providing these victims with the tools and resources they need in order to safeguard against identity theft as a whole.

As the old saying goes, once it’s on the Internet, it will stay there forever, and the data has already been downloaded dozens, maybe hundreds, of times since its release. Many of these downloads, in turn, will doubtlessly be used for various malicious goals, as well.

In its statement, the FCPS tried to alleviate public concerns about the matter as well. First, it highlighted that FCPS itself isn’t vulnerable, as it claims many other school systems in the US had been a victim of sophisticated ransomware attacks .

After that, it assured the public that, in terms of continued threat, Maze is of no concern, since it secured all its systems. This means that the FCPS can start the school year without any delays.

Alongside this, FCPS highlighted that it is currently investigating the issue, and is doing so with the aid of the FBI and the Virginia State Police. From there, FCPS assured the public that it’s hard at work developing a productive, safe virtual learning environment for all of its students, working around the clock to identify what was stolen and promptly notifying the affected individual.