Inspector General Reveals Details Behind 2020 BCPS Cyber Attack



BALTIMORE COUNTY - A report from the Inspector General’s office has finally revealed what led to the 2020 cyber attack on Baltimore County Public Schools.

The hack occurred on November 24, 2020, soon after a Board of Education meeting. As BCPS staff and officials scrambled to fix the issue and identify how the breach had occurred, nearly 115,000 students could not attend virtual classes.

According to the report, the security breach occurred when a BCPS employee received an unsolicited email that claimed to be from a college representative and included a phony invoice.

The employee believed the email was legitimate but checked with the IT department to be sure.

IT staff quickly determined that the email was suspicious and forwarded it to the BCPS security contractor. The contractor mistakenly opened the email on an unsecured domain, allowing undetected malware to enter the network.

The report indicates that the hacker(s) intentionally delayed the attack to avoid detection and cover their tracks. It took over two weeks for the malware to spread throughout the network and disable critical systems.

The Inspector General found that BCPS followed security recommendations from state auditors. However, the report also says that officials failed to relocate their publicly accessible database, which left network security inadequate.

The attack did not corrupt the school system’s backup files, allowing for an easier recovery. Despite this, some records, including human resources and payroll information, were lost.

BCPS ultimately decided to use a year-and-a-half-old backup file to restore data. This file did not include personnel, payroll, or benefit revisions made before the cyberattack.

In total, the recovery efforts for the attack cost the school system and, thus, taxpayers nearly $9.7 million.

Since the attack, the school system has transitioned to a cloud-based environment and has implemented new security measures, including multi-factor authentication, firewall technology, and enhanced malware detection.

You can read the full report here.
