DMPS data breach affects students and staff district wide

Q&A with Lisa Irey, director of technology for DMPS.

DMPS data breach affects students and staff district wide

Lilliana Thomas, Writer

On Jan. 9, around 7:30a.m. an employee got a security alert that there was someone hacking into the DMPS system. They had to shut down everything right away, including the whole entire network, which meant no Wi-Fi for students, staff, or anyone else in the DMPS district from Jan. 9, through Jan. 27. This caused classes to be cancelled for the DMPS district on Jan. 10 and 11, Those days will now be made up at the end of the school year.

Lisa Irey, the director of technology for DMPS, provided information on the situation.

How did they find out about the threat?
“We received a notification from one of our employees that had found a note on the computer pretty much saying you have been attacked. That caused us to go into reaction mode with our cyber response plans for when these things happen,” Irey said.

What is the cyber response plan?
“Whenever an incident happens, we have a very procedural approach. We shut the internet down, shut down all in our servers and we disconnected backups so that we can begin investigating in off-line mode for safety,” Irey said.

“I am not sure if I can speak on that now, they do have a name, and we do know who they are. We are working with all the proper law enforcement and authorities…”

— Lisa Irey, director of technology for DMPS

Being questioned about who might have hacked into the DMPS system, Irey was hesitant.
“I am not sure if I can speak on that now, they do have a name, and we do know who they are. We are working with all the proper law enforcement and authorities to report anything we learn to them for their investigation purposes, and we are working very closely with our cyber insurance. They have an engineering team that is helping support. They have a forensic investigation team that is working to support us, so they give us very strict guidelines of what we need to do,” Irey said.

There were also a lot of theories made, what were some?
“There are a lot of crazy rumors, like somebody from Russia did it, a kid at whatever school didn’t like their grades first semester, so they did it,” Irey said.

People are curious about what data might have been stolen, can you say?
“At this time, we do not. We cannot say, I cannot say,” Irey said.

Wondering what are some of the next steps with moving forward?
“We are doing a lot, because when you know better, you do better. The way we are architecting our network is a safer way so that if we were to be infiltrated again it would be much more difficult to move throughout our environment. We have deprivileged a lot of accounts so for instance, you may have privilege access like you could have permissions on your computer to perform different actions, like installing a software that requires elevated rights and more people you have with elevated rights the more risk that there was more accounts or credentials stolen, then a threat actor could use those to gain our system essentially,” Irey said. “The way we built our network, the way we let people access our network has changed,” Irey said.

Asking why Irey couldn’t share much.
“It’s weird, I’m usually an open book, right? But now with all this we just have to be careful, our cyber insurance company, you know, one of their pieces of advice is to not really talk about it too much because the threat actor that is responsible is then also
watching every move that we make.” They also responded with, “I can tell you the F.B.I. is involved.”

Now that the internet is back, is it temporary?
“The name of it is temporary, but the connection is permanent,” Irey said.

Is there anything different about this connection?
“One of the things we have to do in response is every user will have to change their password, and we are going to the password policy for our high school students to match the policy of our staff, 16 characters,” Irey said.

Why only high school students?
“Because our younger students, their accounts don’t have as many privileges, because they don’t need it. But as you get older you may need to email someone outside of the district. Our younger kids can’t do that, you may need to access different resources online, so we need you to have a little more freedom with your accounts, but we also need to make sure your accounts are secured,” Irey said.

Tips from Irey for a 16- character long password

“One of my biggest tips for a 16-character password is using a passphrase, use a saying. I use a movie quote or a song lyric or like a quote from a show or something like that. It doesn’t have to have an upper case or lower case, a number or a symbol, it can literally just be 16 letters.”