Months after CISA issued an alert about Karakurt, Davenport Community Schools in Iowa reported some “server issues.” On September 13, Schools Superintendent TJ Schneckloth issued a statement regarding what had been described as “server repairs” after the district went without internet for roughly a week back in September. That statement, updated on October 4, acknowledged that there had been a cyberattack, but seemed to suggest that the district was somewhat successful in defending against it:
The school’s IT staff worked in conjunction with national experts to defend against the intrusion. There is no evidence that personal information was taken.
Even as of September 30, the district was claiming that there was no evidence that any personal information had been compromised. They also claimed that there was no ransom. But did that mean that there was no ransom demand, or just that they didn’t pay any ransom demand?
A new listing on Karakurt’s clearnet and dark web sites states may be a rude awakening for the district, as Karakurt claims they got a “massive array” of student personal information as part of the incident:
In this release we will show you 845 GB of their data which include a giant massive array of student’s personal information and much more others.
So far, there has been no proof of claim published.
DataBreaches submitted inquiries to Karakurt and to the District about the discrepancy between their claims, but no replies have been received as yet. This post will be updated when more information is received.
Updated Nov. 1: Still no direct replies from the District or Karakurt, and no proof pack or data proof from Karakurt, despite the latter’s claims.