Lumberton ISD officials report cyberattack


An international hacking group that stole information from Stephen F. Austin State University (SFASU) in a cyberattack earlier this month also claims it took information from Lumberton Independent School District.

According to a press release by LISD officials on June 26, Lumberton ISD discovered a cybersecurity incident that impacted some of their network operations on June 13. 

“We immediately launched an investigation and are working actively and diligently with the assistance of retained experts to remediate and restore operations as quickly as possible as well as identify the nature and scope of information that may have been involved. Please know that the privacy of students and employees is of the utmost importance to us, and we are committed to satisfying any resulting regulatory and legal obligations,” according to the press release.

The hacking group, called Rhysida, claimed responsibility in an email to The Daily Sentinel in Nacogdoches for the attacks that were discovered on June 12 and 13.

“These hackers are a verily new organization and emerged in late May,” said Sentinel Managing Editor Josh Edwards. “They’re most famous for hacking, stealing and selling documents from the Chilean military.”

According to Edwards, shortly after the SFASU attack, he received the email from Rhysida stating that SFASU was lying to Edwards by saying they didn’t believe “any data was compromised.”

“We downloaded about 1.2 terabytes of data from their (SFA) network, including SQL databases,” Rhysida said in an email. “Here an attachment that proves to you that we stole data. It’s basically a press release from an international gang.”

“They said in the email they plan to auction off the data on their website which is on the dark web that uses a special browser,” added Edwards.

Edwards said he replied to the email and asked them to send information when the data from SFA goes up for auction.

At about 8:17 p.m. June 24, Edwards said he received an email that he would be informed about the auction.

“The same day we attacked SFASU, we also attacked the Lumberton Independent School District. They are withholding information about the attack. We downloaded 300 gigabytes of amazing personal documents and the proof is attached,” Rhysida replied to Edwards’ email.

Edwards stated that, in an email he received from the group, the attachment shows W-9 files, Social Security cards, Texas driver’s licenses, passports, a substitute teacher’s application form, spreadsheets that appear to contain Social Security numbers of students or employees, a vendor form with a Social Security number and tax identification number, and an address from Lumberton ISD.

He noted he can forward the email to the Lumberton ISD Information Technology (IT) Department, but cannot send it to anyone else, per the newspaper’s attorneys.

“It’s unclear how they are choosing their victims,” he said. “Whether it has something to do with the specific networks they are targeting or just scatter shooting around to see what they can get into.”

“This isn’t one of those types of attacks, as far as I can tell, where you are looking out for weird email attachments, spoofed email addresses or whatever. They are attacking it directly through the website.”

The group commonly uses ransomware — a type of virus that holds computer files hostage while hackers ask for a payment as a form of extortion — according to cybersecurity experts.

Edwards said there is no indication where the organization is based in the world.

“My tech folks told me they speak English and are not using a translator,” he said. “However, they speak in phrases that are very Eastern European, possibly Romanian.”

An email attachment from the hackers on the SFASU attack included 28 files mostly dated from August to December 2022, though some went back as far as 2013. University Police Department files, W-9 and contractor applications and passport documents were included in the leak.