Retired employees of Fairfax County Public Schools are among those at risk of having their personal information compromised after hackers broke into the school system's computer network.
The Enter Retirement Feeling Confident (ERFC) service notified retired workers in an email that their information is included in the technology systems that were hacked.
Internet hacking group Maze claims it stole private information from FCPS. To prove it, Maze posted some of it online.
Cyber security expert Brett Callow says that's the hackers' way of letting school officials know this is serious.
"There are a selection of documents that have been posted to prove that the attack took place," Callow said. "This is the digital equivalent of a kidnapper sending a pinky finger."
News4 has viewed some of the documents posted online. One is nothing more than an internal training document from several years ago. But there's also personal information that includes letters regarding disciplinary actions against 15 different students and their grades.
Callow said the these types of attacks are called ransomware, when the hackers threaten to release more information unless they're paid a ransom.
"Those amounts can vary anywhere between a few thousand all the way up to $42 million, is the highest amount I'm aware of," Callow said.
He said parents shouldn't be too worried, but the real danger could be to school staff.
"It's more concerning for the staff whose social security numbers could be exposed, whose salary information could be exposed," he said.
In a statement to News4, an FCPS spokesperson said, "We have retained leading security experts to help us investigate the matter and recover from the situation. We also are coordinating our efforts with law enforcement authorities."
FCPS said Friday it had not notified staff because it’s investigating the attack.
A group representing staff says people should know if there's a possibility their information has been stolen.
"This is something that we believe employees need to be aware of, to be able to protect their own data as quickly as possible," Kimberly Adams of the Fairfax Education Association said. "Certainly, when you receive a notification that a credit card's been compromised in another location, you go and you worry about changing credit card numbers or passwords on accounts. Certainly employees need to know if that's something they should be doing now."
“We were shocked to learn that the FCPS system has been hacked,” said Tina Williams, president of Fairfax County Federation of Teachers. “This is deeply alarming for our community and we urge FCPS to swiftly resolve the issue, take every action possible to maintain the safety of employee and student data and information, and keep the FCPS community informed of all developments.”
Callow said these types of attacks have to be stopped as soon as they're discovered or the hackers can stay in the system and continue stealing information.
Usually, the hackers' intent is not to steal directly from staff members but rather collect a ransom, even if by means of insurance money, from the larger company or, in this case, FCPS, Callow explained.
But of course, if any private information is put online, anyone else could steal it.
With so many people working from home and students learning online, Callow said there could also be a greater threat to these types of attacks. Think of every computer used by students and staff as doors to a house: Each one is an added entry point for hackers to get into and work their way into the main network, he said.