Community Notifications

This incident affected only on-premises servers and did not affect any cloud-based databases.

The incident was first discovered by District IT upon determining that these on-site servers were not communicating with endpoint systems. While the event rendered many of the District’s network services inoperable for a brief period of time, the District has since rectified all issues and remains fully operational.

The District takes its obligations to protect information seriously and took immediate action to limit the risks posed by this incident by instituting additional stringent security measures. Once the incident was discovered by the District, it acted quickly to limit risks. Additionally, we retained an independent third-party forensic team to analyze the occurrence and shed more light on the potential scope of impact. At this point, we have a high degree of confidence that the network environment is safe and secure, as it is being continuously monitored, out of an abundance of caution. We also instituted a number of additional changes to firewall and credential policies.

The investigation into the incident by the District was wide-ranging and exhaustive as it sought to identify the responsible party for this incident. The District notified the Federal Bureau of Investigation and the U.S. Department of Homeland Security, as well as a team of computer forensic experts, will further investigate the scope of the incident.

Please be assured that the District has taken the necessary steps to thoroughly investigate this incident. The District and its team of computer forensic experts continue to work diligently to address the impact of this incident and are working to evaluate and strengthen our cybersecurity controls.

Previous Communications

• Network Connectivity Update 8-05-2025
• Network Connectivity Update 8-08-2025
• Network Connectivity Update 8-11-2025
• Network Connectivity Update 8-18-2025
• Network Connectivity Update 9-26-2025
• Network Connectivity Update 10-30-2025

The District’s assessment of the event is ongoing. The last step of this process includes the aforementioned exhaustive review of the identified machines and files housed therein. We will continue to provide relevant updates as the assessment draws to a conclusion.