Stride Identifies a Cyberattack on Its Systems and Network
K12 Inc. – to be Stride, Inc. effective December 16, 2020 – has detected unauthorized activity on its network, which has since been confirmed as a criminal attack in the form of ransomware.
Upon identifying unusual system activity, we quickly initiated our response, taking steps to contain the threat and lock down impacted systems, notifying federal law enforcement authorities, and working with an industry-leading third-party forensics team to investigate and assist with the incident.
Importantly, students at the schools we serve continue to learn. Based on our investigation to date, the attack did not affect the Learning Management System (“LMS”) that is used to deliver educational content to students and to host student accounts – no data on the LMS was compromised nor has the delivery of services over the LMS been interrupted in any way. Our client schools – charter and district online schools – are still open, operating, and secure, as they have been since the start of the pandemic. Additionally, all major corporate systems – including payroll, accounting, enrollment, financial reporting, procurement, and shipping – have remained operational through this incident.
We do believe that the attacker accessed certain parts of our corporate back-office systems, including some student and employee information on those systems, but it will take further time to determine the scope of the information accessed.
We carry insurance, including cyber insurance, which we believe to be commensurate with our size and the nature of our operations. We have already worked with our cyber insurance provider to make a payment to the ransomware attacker, as a proactive and preventive step to ensure that the information obtained by the attacker from our systems will not be released on the Internet or otherwise disclosed.
While there is always a risk that the threat actor will not adhere to negotiated terms, based on the specific characteristics of the case, and the guidance we have received about the attack and the threat actor, we believe the payment was a reasonable measure to take in order to prevent misuse of any information the attacker obtained.
Recommended AI News: Canon Medical Introduces One-Beat Spectral Cardiac CT
Stride considers the security and integrity of our systems and network among our top priorities, particularly considering the large shift this year to remote learning and work due to COVID-19. While no company can ever eliminate the risk of a cyberattack, we are working extensively with an industry-leading third-party forensics firm to ensure that we are taking all appropriate steps to prevent any incident like this from happening again.
In addition, as part of our response to this incident, we have assembled a team of advisors on data security compliance, including former United States Attorneys and state Attorneys General with experience in handling criminal cyberattacks, and other technical advisors. The team includes Catherine Hanaway, former US Attorney for the Eastern District of Missouri; William Lockyer, former California state Attorney General; and John Byron (J.B.) Van Hollen, former Wisconsin state Attorney General and former US Attorney for the Western District of Wisconsin. The team will assist in guiding our efforts in response to this incident, including compliance with state and federal laws, continued cooperation with law enforcement, and communications with outside parties concerning the incident.
This investigation is active and ongoing and our systems are operating with minimal impact. Based on the information currently known and our investigation to date, we do not believe the incident will have a material impact on our business, operations or financial results.
Recommended AI News: Hot Startups : Latest News And Updates On Daily Roundup