Hackers have broken into Fairfax County Public Schools' computer network and say they're holding personal information for ransom.
There's no telling how much was stolen.
Fairfax County Public Schools have confirmed the hack, but an association that represents FCPS teachers and staff says employees haven't been informed that their personal information could have been stolen.
The internet hacking group Maze claims it stole private information from Fairfax County Public Schools. To prove it, Maze has already posted some of it online.
Cyber security expert Brett Callow says that's the hackers' way of letting school officials know this is serious.
"There are a selection of documents that have been posted to prove that the attack took place," Callow said. "This is the digital equivalent of a kidnapper sending a pinky finger."
News4 has viewed some of the documents posted online. One is nothing more than an internal training document from several years ago. But there's also personal information that includes letters regarding disciplinary actions against 15 different students and their grades.
Callow said the these types of attacks are called ransomware, when the hackers threaten to release more information unless they're paid a ransom.
"Those amounts can vary anywhere between a few thousand all the way up to $42 million, is the highest amount I'm aware of," Callow said.
He said parents shouldn't be too worried, but the real danger could be to school staff.
"It's more concerning for the staff whose social security numbers could be exposed, whose salary information could be exposed," he said.
In a statement to News4, an FCPS spokesperson said, "We have retained leading security experts to help us investigate the matter and recover from the situation. We also are coordinating our efforts with law enforcement authorities."
FCPS said it has not notified staff because it’s investigating the attack.
A group representing staff says people should know if there's a possibility their information has been stolen.
"This is something that we believe employees need to be aware of, to be able to protect their own data as quickly as possible," Kimberly Adams of the Fairfax Education Association said. "Certainly, when you receive a notification that a credit card's been compromised in another location, you go and you worry about changing credit card numbers or passwords on accounts. Certainly employees need to know if that's something they should be doing now."
“We were shocked to learn that the FCPS system has been hacked,” said Tina Williams, president of Fairfax County Federation of Teachers. “This is deeply alarming for our community and we urge FCPS to swiftly resolve the issue, take every action possible to maintain the safety of employee and student data and information, and keep the FCPS community informed of all developments.”
Callow said these types of attacks have to be stopped as soon as they're discovered or the hackers can stay in the system and continue stealing information.
Usually, the hackers' intent is not to steal directly from staff members but rather collect a ransom, even if by means of insurance money, from the larger company or, in this case, FCPS, Callow explained.
But of course, if any private information is put online, anyone else could steal it.
With so many people working from home and students learning online, Callow said there could also be a greater threat to these types of attacks. Think of every computer used by students and staff as doors to a house: Each one is an added entry point for hackers to get into and work their way into the main network, he said.