Toledo Public Schools officials reversed course Thursday and admitted the district was the victim of a ransomware attack after officials for weeks said they were unaware of anyone demanding a ransom payment in connection with a computer disruption on the first day of school.

Concerns about a data breach at TPS publicly surfaced on Oct. 16 in an article posted by a website called DataBreaches.net. The website’s report claimed hackers obtained from TPS sensitive information — including student dates of birth and Social Security numbers, as well as staff addresses — and then posted that information online, which is a common outcome of ransomware attacks when the victim does not pay.

Indeed, the district’s online learning systems did fail during the first day of school on Sept. 8, and officials at the time attributed the problems to some sort of hack. But since then administrators have released little information, and doubled back to some details of their explanation about the situation.

In the most recent example of an about-face, TPS Deputy Superintendent Jim Gant acknowledged to The Blade that the failure of online learning tools on the first day of class was indeed part of a ransomware attack that subsequently culminated in the online dissemination of student and employee information. Prior to Thursday Mr. Gant had said the district “was not made aware of any ransom requests at all.”

“We did have a ransom demand and we’re working on a notice that will address identity protection,” Mr. Gant said Thursday.

Still, concrete information about both the Sept. 8 hack and the publication online of students’ and staff members’ personal information has remained elusive for weeks.

On Oct. 16, the same morning that the DataBreaches.net report surfaced, administrators told The Blade that they were not aware of any data breach at TPS. By that afternoon, however, they admitted that data “may have been compromised” during the Sept. 8 hack that interrupted online learning.

Three days later, Mr. Gant said he was unable to confirm whether the data breach was related to the Sept. 8 online learning problems and had no knowledge of anyone trying to extort a ransom from the district.

Then even though Mr. Gant acknowledged Thursday that the district received a ransom demand, he said he could not provide further details about when that demand was received or how much money was demanded.

“It’s still under investigation and we have to make sure we have all of our information accurate before further discussion,” he said.

Mr. Gant said TPS administration was working to providing identity-theft protection for employees, and will provide a notice to the public addressing similar identity-theft resources in the upcoming weeks.

Mr. Gant had said Oct. 19 that district officials would send later that day a written notice about the data breach to students’ households.

The Blade immediately filed a public-records request seeking copies of that correspondence and, as of late Thursday, neither that request nor another seeking records related to TPS’s data-breach investigation had been fulfilled.

Mr. Gant said the district is doing its best to resolve the issue and better protect staff and students’ information.

“It’s important that the public knows that we tried to attack this very quickly. We really want to make sure that we’re being transparent with the public and are doing everything we can to protect their information,” he said. 

First Published November 6, 2020, 12:32 a.m.