NPS reports 'recent event involving personal info' of staff, students

Dec. 3—The fallout continues for Norman Public Schools following last month's debilitating ransomware attack.

The district reported Friday the personal information of certain staff and students was compromised by an unauthorized "actor" who gained access to some computer systems.

"Although unaware of actual or attempted misuse of anyone's information, the Norman Public School District (NPS) is providing notice of a recent event involving personal information of certain NPS staff and students," the district said in a news release.

Attempts to reach a district spokesman for clarification Friday were unsuccessful.

Last week, the district reported that an unauthorized "actor" gained access to certain systems and that information contained on those systems "may have been viewed or taken."

"To date, we have received no indication of any identity theft or fraud as a result of this event," NPS told families in an email sent Nov. 24.

For the 2022-2023 school year, the district collected names and Social Security numbers for enrollment purposes. If provided, the Social Security of students "were also potentially impacted," the district reported.

NPS also told families it collects names, addresses, Social Security numbers and financial account numbers from staff for payroll purposes.

"This information, which NPS collected from current and former NPS employees — including substitute teachers and summer staff — was potentially impacted," the district reported.

The district also told families it collects names, addresses, Social Security numbers and financial account numbers from staff for payroll purposes.

"This information, which NPS collected from current and former NPS employees — including substitute teachers and summer staff — was potentially impacted," the district reported.

The district first reported a "malicious ransomware attack" Nov. 4 and warned families to discontinue using district-issued laptop computers and other devices.

Ransomware is a type of malicious software that threatens to publish or blocks access to data or a computer system, usually by encrypting it, until the victim pays a ransom fee to the attacker.

The attack disabled a majority of district operating systems, including Infinite Campus, Canvas and Seesaw, for about eight days.

The district is now offering identity theft protection services to all who may be affected.

The services will be provided for 12 months through IDX, a data breach and recovery services expert, and will include credit and CyberScan monitoring, a $1 million insurance reimbursement policy and fully managed theft recovery services.{

The call center that connects families with IBX is now open from 8 a.m. to 8 p.m. Monday through Friday at 833-896-6813.