Allen ISD Parents Concerned About Receiving Cybersecurity Breach Emails
COLLIN COUNTY (CBSDFW.COM) — Officials with the Allen Independent School District say they're continuing an ongoing investigation into what data, if any, hackers may have compromised from their school district.
Allen ISD was first hacked in September when their phones, WiFi, and printer systems all went down, but say no sensitive information was stolen.
However, now parents are coming forward saying they're being threatened by those same hackers.
Phil Carpenter, is one of many parents who received an email stating sensitive information has been collected from the district.
"[the hackers] claim to have a log of sensitive data from Allen ISD," Carpenter said. "That they have hacked into a lot of the IT resources. It does seem to be some sort of phishing attempt."
The email claimed to have control of Allen ISD's network.
Another version of the email his wife received, tells parents their school district has five days to send them their demanded payment, or their demand will go up to $10 million.
If the money isn't received, the hacker say parents risk having sensitive student information published.
For parents it's worrisome.
"If you think about the information [Allen ISD] has, they have our kids addresses, they have their date of birth, they have their social security," Carpenter said.
While cybersecurity experts say hackers are using a common scare tactic.
"I suspect what's happening is some of these hackers are saying 'I know how to put pressure on the school district to pay the ransom, I will start embarrassing them by communicating directly with parents,' then parents say 'Oh my gosh! You've got to do something about this,'" said Jose Lineros, a cybersecurity expert and professor at University of North Texas.
And it worked. Allen ISD began getting questions from parents about the emails.
The district responded via email stating: "If their claim - that they have taken sensitive personal information on individuals is verified - we will act to provide protection to those people."
The District has since teamed up with an independent third-party cybersecurity team to investigate what could have been accessed and when.
They also say they have no intention of paying a ransom.
But in the meantime experts say if it ever happens to you steer clear, report it, and don't click on any links.
"Don't respond," said Lineros. "Don't engage."
