WI: New development in Janesville school district ransomware incident
In October 2021, the School District of Janesville in Wisconsin disclosed that they had experienced a ransomware incident. At the time, they said that no data had been accessed or destroyed and that they had not received any ransom demand.
In short order, their claims were challenged on a Russian-language forum where someone calling themself “Garrett” addressed the district’s CIO, Robert Smiley, and offered some proof of claims.
When asked by DataBreaches.net about the claims and the proof, the district did not respond.
Since that time, there does not appear to have been any further developments that were reported publicly. DataBreaches.net could not find any notification template on Wisconsin’s site that notes breach reports. Nor could we find any notification on the district’s website.
That situation may change, however, because Hive threat actors have now added Janesville to their dedicated leak site.
Hive has not leaked any data or offered any proof of claims — at least not yet — but Hive often has a long delay between when they first post an incident and when they first dump or leak data from it.
The “Garrett” forum post is somewhat of an anomaly for Hive, who generally do not go for flashy “press” statements or public threats. Does Hive or its affiliate(s) seriously think there is any chance that the district will pay them now after all this time?
If, however, Janesville never sent notification letters to employees or parents of students whose personal information was accessed and/or exfiltrated, then that is something they will need to do — if they ever figured out what happened and who was impacted.
DataBreaches.net has sent an email inquiry to the district to ask them precisely those questions. No reply was immediately available, but DataBreaches.net will update this post when a reply is received.