Phone, internet, cable news

Personal information of students and employees of the Corry Area School District dating back to 1995 may have been obtained by the person or persons responsible for the recent ransomware attack on the district.

The school district became aware of a data breach that occurred on its computer network and servers as a result of a ransomware attack on Saturday, Oct. 16.

Initially, CASD officials thought all personal information relating to students and staff was housed off site through third-party vendors, but it has since been determined that was not the case.

"Until we were back here with people on campus that maintain personal information, we really didn't know what we were faced with at that time," Superintendent Sheri Yetzer said.

Upon initial review, the school district believed that no student or employee personal information was stored on the compromised server and released correspondence indicating the same, according to a statement provided today to The Corry Journal from the school district.

"We checked that our online, third-party platforms were not compromised where we believed at the time the data was stored and they were not compromised, hence our statement on Monday," CASD Director of Technology Andrew Schmidt said.

The statement reads after further investigation into the breach, it has been determined that student and employee information dating back to 1995 was stored on a compromised server and therefore may have been acquired by an unauthorized person.

"It took us time to get back here on Monday and talk to the employees that house, handle and maintain that type of personal information, and it wasn't until then did we discover that they do scan and store personal information documents on our server," Yetzer said.

The district is still in the process of determining what type of data may have been obtained and letters will be sent to former staff members who may be impacted by the data breach, according to Yetzer.

"We are required to not only notify them, but we have to notify them of the particulars as far as what could have been compromised, and that's what we're looking into today to make sure that that letter includes what type of data might have been compromised," she said.

In accordance with its policy manual, the Corry Area School District will follow its procedure for responding to a breach of computerized personal information.

In the manual, personal information is defined as an individual's first initial and last name in combination with and linked to any one or more of the following when not encrypted or redacted: Social Security number; driver's license or state ID number; financial account number, credit or debit card number, in combination with any required security code, access code or password that would permit access to an individual's financial account.

Yetzer said the district is in the process of notifying all current employees, former employees as well as parents and guardians of current students of the potential date breach. CASD will also post a notification to its website,, to notify former students.

"The letters that we're going to send will definitely indicate the potential pieces of information that could have been compromised," she said.

The notifications will be sent out by the end of today, according to Yetzer.

"We are going to email our current employees, but as far as former employees, it's going to be a hard copy mailed to them. We don't have a physical address for all former employees dating back to 1995. That's why we're going to post a notification on our website to hopefully get it out there for people that we don't have a physical address for," Yetzer said.

"We're also going to post additional information through the Social Security administration about additional steps they can take to protect their identity," she added. "The letter will point them in the direction as far as what they can do to put safeguards in place to protect their identity and so forth."

Yetzer said the letter is going to direct people to contact Brenda Clabbatz at 814-664-4677 ext. 1211 if they have any questions.

Ransomware is a form of malware designed to encrypt files on a device or network, rendering any files and the systems that rely on them unusable unless a ransom is paid for a decryption key.

CASD found out it was a victim of ransomware when a file on one of the compromised servers had a message that stated the district's files had been encrypted and provided an email address to contact.

"We never contacted them so we didn't even know an amount or anything," Schmidt said, adding that authorities and the school district's insurance company advised them not to contact the perpetrators.

The school district has not determined how the hacker or hackers gained access to its network and server.

"That is still being investigated," Schmidt said.

While the school district did take precautions to protect the server with appropriate software and security procedures, the ransomware attack was able to bypass the server's security measures, according to CASD's statement. The district immediately took action to take the server offline and take other precautionary measures.

All schools in the district were operating on a two-hour delay for students on Monday to give teachers time to plan lessons without the use of technology.

"Approximately Monday afternoon, we were able to restore network access and wifi access so students and teachers could have instruction as they normally would," Schmidt said.

A tech team from Network Technologies was called in on Monday to assist with getting the district back online.

They have done work with the district on numerous projects and are very familiar with our network. They were able to come in and get us back to operational," Schmidt said.

Kids who are remote learning because they are out of school for Covid-related situations regained the ability to rejoin their classes on Tuesday and were excused on Monday since they were unable to log in.

The school district is reviewing its security software and procedures in the wake of the ransomware attack and will be analyzing how to better ensure this type of breach does not occur in the future, according to CASD's statement.

No data or information was lost from the attack as it was backed up by the district.

Files containing staff and student information has not been put back onto the district's rebuilt server out of an abundance of caution. Schmidt said they're going to assess what information should and should not be on the server, for example employee information.

"We don't want to put that back on the server. We need to figure out where we're going to house that," he said.

(0) comments

Welcome to the discussion.

Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.