The Allegheny Intermediate Unit, a countywide taxpayer-funded education agency, confirmed that it was recently hit by a ransomware attack.
In a statement Thursday, the AIU said parts of its network were encrypted by malware from an unknown person who demanded a ransom payment to unencrypt the data. (Read the full statement at the bottom of this page.)
“Despite intensive analysis by independent experts, we have no evidence at this time that the unknown actor accessed or acquired any personal or protected information stored on AIU servers,” the statement said. “The AIU had backup versions of the most critical information and was able to restore access to the vast majority of the impacted files without engaging or paying the intruder.”
More analysis is being done to determine if any sensitive information was stored on the servers that were hit by the ransomware attack, the AIU said.
A source familiar with the intermediate unit in another county told Pittsburgh’s Action News 4 that student information for DART — an early intervention program for children ages 3 to 5 — could be on the server, and the information could be listed under only a student ID or the last four digits of a Social Security number.
When asked if students in the DART program could have their files or sensitive medical information compromised, the AIU declined to comment Thursday.
Below is a statement from Allegheny Intermediate Unit interim director Rosanne Javorsky.
The Allegheny Intermediate Unit (AIU) recently experienced an incident in which an unknown entity encrypted certain portions of its network with malware and demanded payment of ransom in order to unencrypt the affected data. The AIU, with the assistance of third-party forensic specialists, took immediate steps to investigate the nature and scope of the event, restore its systems and prevent future incidents.
Despite intensive analysis by independent experts, we have no evidence at this time that the unknown actor accessed or acquired any personal or protected information stored on AIU servers. The AIU had backup versions of the most critical information and was able to restore access to the vast majority of the impacted files without engaging or paying the intruder. To ensure the integrity of our systems and avoid similar incidents in the future, we are reviewing our policies and procedures and continuing to enhance the security of our information systems.
While we have no evidence at this time that any personal information has been or will be misused, we are issuing this statement out of an abundance of caution. Analysis is ongoing to determine what sensitive information, if any, was stored on the impacted servers. Once this determination is made, we will provide formal notification to any individuals whose sensitive information was contained on the servers that may have been accessible as a result of this incident.
Employees are encouraged to monitor their accounts and to contact their financial institutions regarding any unauthorized or unusual activity. Highmark Blue Cross Blue Shield offers an identity-protection service through Experian to all eligible plan members at no cost. Information about this service is available at https://www.experianidworks.com/highmark or by calling 1-866-584-9479.
We take this matter, and the security of information in our possession, very seriously. We remain committed to the privacy and security of all information the AIU maintains. We will share more information as we are able to do so.
Thank you for your attention to this matter.