The Little Rock School District announced Thursday night that it has finalized a settlement to the recent cyberattack on the district's computer network systems, but officials divulged no details on any ransom that might have been paid.
Greg Adams, who has served as the Little Rock School Board president, announced in a letter to stakeholders "that a final agreement has been executed." The letter was posted on the district's website at about 8:30 p.m. Thursday.
"We cannot share the details of this agreement but we are in the process of retrieving the data that was taken from our system. Once we have confirmation that this process is complete, we will contact every individual whose data may have been compromised and will provide credit monitoring/identity theft services to these individuals," Adams said, adding that the same services will be provided to every current school system employee.
[CYBERATTACK: Read Adams' letter to stakeholders » arkansasonline.com/1216lradams/ ]
Little Rock Superintendent Jermall Wright first told all employees and the Arkansas Democrat-Gazette on Dec. 1 that the 21,000-student district was a victim of a data network breach. He also said that the district had employed external computer forensics experts to determine the scope of the problem. The cyberattack was also reported to the FBI.
“Although the investigation is still ongoing, our forensic partners have determined that some data may have been taken from our network,” Wright said in that early December message.
In a 6-3 vote on Dec. 5, the Little Rock School Board authorized Wright to enter into a settlement of at least $250,000 to end, as favorably as possible for the district, the cyberattack on the data networks.
After that meeting and until Thursday night, district leaders were largely silent on the matter.
"I can assure you that LRSD has released all of the major facts it currently can," Adams said Thursday night. "But there will always be some facts that we cannot share with the public because the release of those facts could jeopardize or impair the security, confidence, and integrity of our school district, its parents, students, employees, administration the the school's [information technology] systems and networks."