Cybersecurity

Virtual classes for Miami-Dade school district disrupted by cyberattack

Miami-Dade County Public Schools (M-DCPS) announced late Tuesday that its virtual classroom systems had been hit by a cyberattack that temporarily disrupted online classes amid the pandemic.

In a statement, the district noted that its My School Online distance learning platform had been hit by a distributed denial of service, or DDoS attack, that negatively impacted the first two days of the 2020-2021 school year.

M-DCPS had initially concluded that the connectivity problems on the learning platform had resulted from a software malfunction, but were notified on Tuesday night by Comcast, which provides internet service for the district, that glitches on the platform were also caused by the DDoS attack. 

DDoS attacks involve an attacker attempting to take down a server by overwhelming it with traffic. 

“At no time were our firewalls compromised and no student or employee personal data was accessed,” M-DCPS wrote in a statement. “The cyber attacks did create a significant burden and caused massive disruption to all District web-based systems.”

In a separate statement released by M-DCPS on Wednesday, the district said that “multiple” cyberattacks had been targeted at the district “this morning,” but that “the District’s security and safeguard measures have been successful thus far.”

The district warned its 200,000 students who were using the virtual learning platform to stay logged on. 

According to the Miami Herald, M-DCPS Superintendent Alberto Carvalho told reporters Wednesday that he did not know who was behind the attack, but that he planned to press charges. Comcast was also subpoenaed by authorities for more information around the attack. 

“Yesterday I was frustrated and disappointed,” Carvalho said, according to the Miami Herald. “Today I am frustrated and angry.”

M-DCPS has called in the FBI, the U.S. Secret Service, and the Florida Department of Law for assistance in responding to the attack, and noted that the Miami-Dade Schools Police Department is leading the investigation.

“We expect the online teaching and learning experience to improve on Wednesday, however, we ask all to continue to be patient and to use alternative means of online learning, such as Microsoft Teams or Zoom through Microsoft Teams, if access to the designated platform continues to present a challenge,” the district wrote. 

A spokesperson for Comcast told The Hill that the company was taking steps to respond to the cyberattack, noting that “any issue that could impact internet access is one we take very seriously.”

“Comcast became aware of an issue impacting the Miami Dade School District network, causing many families to be unable to access the learning site as the school day began,” the spokesperson said. “Given this took place during the beginning of school, we understand how important connectivity is for virtual learning during this unprecedented time.”

They added that Comcast is “continuing to monitor the situation and are working with the school district and law enforcement to ensure this doesn’t happen again. We sincerely apologize to the families, teachers and students who were kept offline.”

School districts have been increasingly targeted by hackers over the past year, with Louisiana declaring a state emergency last year after several districts were hit by a ransomware attack, while one school district in Arizona was forced to cancel classes for several days after a separate ransomware attack. 

Top security officials at universities warned last month that they were seeing a sharp rise in targeting of students by malicious actors online, particularly through phishing emails.