Joliet Public Schools District 86 in Illinois sent data breach notices to 1,495 people following a May 2024 cyber attack that compromised names, Social Security numbers, and dates of birth.
Ransomware group LockBit claimed responsibility for the attack on July 18, and gave JPSD86 until August 4 to pay an undisclosed ransom. LockBit posted a proof pack on its website that it says contains samples of stolen confidential documents.
JPSD86 has not verified LockBit’s claim. We do not know whether JPSD86 paid a ransom, how much LockBit demanded, or how LockBit breached the school district’s network. The notice does not specify whether the data belongs to students, staff, or parents.
“Joliet Public Schools District 86 takes privacy and data security very seriously. We recently experienced an incident involving unauthorized access to certain of our systems, and we took prompt steps to contain, remediate, and investigate the situation We are contacting individuals that may be involved with additional information about the incident and next steps, and we will be working with those individuals to address any questions they may have.”
The data breach notice (PDF) sent by JPSD86 to victims states, “We recently detected suspicious activity involving certain JPSD86 computer systems. Upon discovering this activity, we promptly began an internal investigation and response. We also engaged a leading, third-party forensic investigation firm to confirm the security of our systems and to further investigate. Based on the results of the investigation, we believe an unauthorized party temporarily had access to certain JPSD86 systems and may have acquired certain JPSD86 files from those systems during that time.”
JPSD86 is offering eligible victims one year of free credit monitoring via Experian.
Who is LockBit?
LockBit first appeared in 2019 and has claimed responsibility for thousands of ransomware attacks. In addition to date theft, the Russian cybercrime group’s malware encrypts computer systems so they can’t be used until a ransom is paid for a key to decrypt them. JPSD86 did not state whether any school systems were encrypted.
In 2024, Comparitech researchers have logged 69 confirmed ransomware attacks claimed by LockBit, affecting 8.2 million records. The group claimed another 426 attacks that have not been acknowledged by the targeted organizations.
LockBit’s average ransom demand is $4 million.
The group is responsible for 17 attacks so far this year on education organizations around the world. Those include attacks on Education for the 21st Century (UK) and the Toronto District School Board (Canada).
LockBit’s largest data breach this year was on East Valley Institute of Technology, which notified 208,717 victims after an attack in January 2024.
Ransomware attacks on US education
Comparitech tracked 44 confirmed ransomware attacks on the US education sector in 2024 so far, affecting 246,000 records. Overall, this year’s figures are on track to be lower than last year: 122 attacks affected 2.7 million records in 2023.
The average ransom for an attack on a school or university is $511,000.
Other recent confirmed ransomware attacks on schools include Henry County Schools (TN), Albany College of Pharmacy and Health Sciences (NY), Providence Public Schools (RI), Richmond Community Schools (IN), and Highline Public Schools (WA).
Another 51 such attacks in 2024 were claimed by ransomware groups but not acknowledged by victims.
About Joliet Public Schools District 86
Joliet Public Schools District 86 is an elementary and middle school district in Joliet, Illinois, a suburb of Chicago. The district consists of 15 elementary schools, four junior high schools, an early childhood center, and an alternative school. As of 2022, it enrolled 9,610 students and employed 1,669 people, of which 745 are teachers, according to the district’s website.