116 3rd St SE
Cedar Rapids, Iowa 52401
The FBI was involved in investigating a disruption last month in the Linn-Mar Community School District’s computer systems, which Associate Superintendent Nathan Wear described at the time as a “computer breach,” records show.
District officials have not publicly confirmed the breach as a cybersecurity attack, but emails provided to The Gazette through a public records request show an official was researching ransomware attacks shortly after the incident.
Linn-Mar schools announced Aug. 2 it was investigating the source of why its phones went down and its computer systems was disrupted. Staff and visitors were limited on school campuses just weeks before the first day of school as third-party specialists worked with the district to assess the impact and recover its systems as soon as possible. The district has not said who these third party specialists are.
In an Aug. 26 email, Wear described the incident as a “computer breach” while rescheduling a meeting with Frontline Education, a software company for K-12 educators.
The Linn-Mar Community School District charged The Gazette $74.50 for about 200 pages of public records. About 15 of them dealt with directly with the breach.
In an Aug. 1 email to Linn-Mar Superintendent Shannon Bisgard, school board member Matt Rollinger said wrote it would be “prudent that the district be as transparent as possible with the situation,” according to the emails provided to The Gazette.
Bisgard responded Aug. 2 that the situation made “it very difficult to share many specifics” broadly. “We are following the advice of our attorneys in regards to all communications,” he wrote.
In the email, Bisgard said the FBI was involved. “Right now, there is nothing for our staff to worry about,” Bisgard said. The Linn-Mar district has not disclosed whether personal data on its staff was compromised.
As of Monday, a letter had not been submitted on behalf of the district to the Iowa Department of Justice’s 2022 security breach notifications. Anyone who encounters a security breach that affects at least 500 Iowa residents must provide notice to the Attorney General’s Consumer Protection Division within five business days after telling affected people.
The Linn-Mar disruption happened a month after a ransomware attack closed Cedar Rapids schools and compromised personal information of its district employees.
The Cedar Rapids Community School District later paid an undisclosed ransom to a criminal group that attacked its computers.
Personal information from staff was included in the data exposed from Cedar Rapids schools. The data of 8,790 Iowans may have been compromised in the cybersecurity incident, according to a letter to the Iowa Attorney General’s Office from McDonald Hopkins, a law firm in Chicago representing the school district. The Cedar Rapids district is offering a free year’s worth of crediting monitoring services to affected employees to see if the data is being used.
Cedar Rapids asks $27K for public records request
The Gazette also made a public information request to the Cedar Rapids Community School District regarding the cybersecurity incident it reported July 4. The district billed The Gazette $27,650 — which The Gazette did not pay — and set a time frame of four to five months to produce the emails.
The Gazette asked for emails between July 2 and July 22, to and from Superintendent Noreen Bush, district communications director Colleen Scholer and ProCircular, a computer security service in Coralville. ProCircular works with a number of school districts in Iowa and throughout the Midwest.
Over 10,000 emails were found that might meet the criteria, according to district officials.
The district would have an employee review all the emails, at a rate of $55 per hour, to determine if the subject matter aligns with the request. The district estimates it would take 500 hours to complete. A legal review would then be conducted by the district to determine whether any information is confidential and cannot be disclosed or must be redacted. An outside expense for legal review was estimated at $175 per hour.
Linn-Mar official investigates ransomware
In an Aug. 2 message to Linn-Mar staff, Bisgard said the district was working with a third-party specialist to assess the impact and recover its systems as soon as possible.
Linn-Mar executive director of technology services Jeri Ramos said she was researching ransomware on Aug. 3, in an email to the superintendent.
“Most advice is exactly what we are doing and run primarily by insurance companies. Uncomfortable solace,” Ramos wrote. “I think we are doing a lot of things right. Still haunted by how and why.”
In the email, Ramos questioned if Linn-Mar was targeted because of the district’s proximity are to Cedar Rapids schools. “Did one of ours open an infected file from (Cedar Rapids schools), and unknowingly download the payload?”
“I tell my guys daily we will have time to look back and reflect in the months to come,” Ramos wrote. “Our focus now has to be moving forward to get us operational. Let’s use all our energy and creative genius to do just that now.”
The district has not confirmed to the public that a ransomware attack had occurred, or said that it paid any ransom to regain control of its systems.
Over two weeks after the breach, educators voiced frustration that they still were unable to access Wi-Fi on the district’s campus. In an email from Grant Wood Area Education Agency program associate Molly Beer to district administrators Aug. 18, Beer describes her frustration that coaches working with educators were unable to access Wi-Fi.
“We understand both Linn-Mar and (the Cedar Rapids Community School District) went through a cybersecurity incident over the summer, which we realize you need to take the most necessary precautions to prevent this from happening again,” Beer wrote.
The Linn-Mar district has 1,200 staff who serve 8,000 students across 12 buildings.
Comments: (319) 398-8411; email@example.com