Date: 2022-12-16

The Little Rock School District announced Thursday night that it has finalized a settlement to the recent cyberattack on the district's computer network systems but divulged no details on the terms, including the amount of any ransom that might have been paid.

"As of today, we can report that a final agreement has been executed," Greg Adams, who has served as the School Board president, said in a letter to "LRSD stakeholders" that was posted on the district's website at about 8:30 p.m.

"We cannot share the details of this agreement but we are in the process of retrieving the data that was taken from our system," Adams continued in the message. "Once we have confirmation that this process is complete, we will contact every individual whose data may have been compromised and will provide credit monitoring/identity theft services to these individuals," he said.

He added that the same services will be provided to every current employee in the school system. The employees will be receiving information by U.S. mail in the coming days on how to subscribe to credit and identity theft monitoring services.

Little Rock Superintendent Jermall Wright first told all district employees and the Arkansas Democrat-Gazette on Dec. 1 that the 21,000-student district was a victim of a data network breach, and that the district had employed external computer forensics experts to determine the scope of the problem. The cyberattack was also reported to the FBI.

"Although the investigation is still ongoing, our forensic partners have determined that some data may have been taken from our network," Wright said in that early December message.

[CYBERATTACK: Read Adams' letter to stakeholders » arkansasonline.com/1216lradams]

The School Board in a 6-3 vote on Dec. 5 authorized Wright to enter into a settlement of at least $250,000 to end, as favorably as possible for the district, the cyberattack on the data networks.

The $250,000 amount plus fees for a potential settlement was accidentally read out loud by the board member who made the motion to authorize an agreement.

After that Dec. 5 meeting and until Thursday night, district leaders were largely silent on the matter.

"I can assure you that LRSD has released all of the major facts it currently can," Adams said in the Thursday message.

"But there will always be some facts that we cannot share with the public because the release of those facts could jeopardize or impair the security, confidence, and integrity of our school district, its parents, students, employees, administration and the school's information technology systems and networks."

Adams also wrote that the district has been reconnected to the state's eSchool and eFinance network systems, which were never compromised. However, the state disconnected the district to protect those state systems while the district worked to secure its network.

"We have a six-month plan to continue running a series of tests and improving vulnerabilities in our network so the next several months will continue to be critical for LRSD," Adams said.

In the letter, Adams also addressed the board's and district's management of the cyberattack, which included a Nov. 21 meeting of the School Board for which no legally required public notice was given in advance.

Adams said the intent of district leaders was to resolve the attack quickly and with minimal impact to students, teachers and the public.

The district implemented a plan for security breaches that called for employing legal teams and firms with expertise in cybersecurity. Those teams urged the district to minimize publicity on the matter as a way to avoid harmful actions by the "threat attackers."

District leaders relied on state laws that exempted disclosure of security plans "but did not provide a clear path to permit us to meet in private," Adams said.

But "we felt it was imperative to hold this meeting in private," he said, because of the specific discussions on the district's networks. There was concern about causing the perpetrators of the cyberattack to act irrationally, he said, which could mean releasing and/or selling personal data of stakeholders. He also said that the information would create the potential for others to attack the district.

Adams said he is "keenly aware" that the private meeting "eroded public trust."

"Moving forward, as we complete our investigation into what occurred in this incident and make sure our systems and networks are as secure as they can be, we will provide information to you about what happened, what we did, and what we are doing. But just as we could not share every detail in the past, we cannot share everything about our activities without potentially putting students, parents, teachers and the LRSD IT system at risk," Adams said.

Wright told the board at the Dec. 5 meeting that the data breach was "horrible," that he wouldn't wish the situation on anyone, and that every option facing district officials to resolve the cyberattack had negative impacts.

"We are doing our very best to try to protect the data that was taken from us," Wright said.

District leaders have said that student, employee and vendor data -- which could include birth dates, health records, Social Security numbers and credit card accounts -- were affected by the cyberattack but gave no specific details.

Wright has said that the "suspicious activity" in the district's technology network was initially detected Nov. 11.

The network problems became more publicly apparent when the district announced in late November that interim grade reports for students for this nine-weeks grading period were delayed and no later release date was set.

Arkansas Education Secretary Johnny Key said earlier this month that the state Departments of Education and Information Services have been assisting the Little Rock district on the cyberattack.

An attack on individual districts could threaten state systems, Key said, but state systems have not been compromised by this attack.

"We remain vigilant in our monitoring and detection of any threats," he said.