District notes reveal new details of cyber attack at Cedar Rapids Schools

CEDAR RAPIDS, Iowa (KCRG) - While the district has refused to answer questions or offer public details about a cyber attack that shut down the district for a week, new emails sent to staff are revealing some new details of the ongoing impacts.

In a note to staff, Superintendent Noreen Bush says the cyber attack happened on July 2nd. The district had not alerted parents or staff about the incident until late on July 4th, when it announced the district would shut down for the week. Bush notes staff are continuing to work to get several systems up and running.

In a note to staff at Washington High School, the technology facilitator notes that several programs are still not working in buildings, including local printing and Wifi, saying staff would have to use their phone as a hot spot for non-school devices. The facilitator also asked staff to turn in staff laptops to get ready for the school year. One teacher told us the exchange of laptops is very unusual but it’s unclear how much of this is related to the cyber attack as the district said it is “not able to provide further details”.

In a separate note, the district also explained why some employees went unpaid for the week. One bus driver told TV9 she is facing financial struggles without her expected pay.

However, the district says it is following its previous practice from the Derecho and COVID-19 closures of only paying year-round employees during the week of missed work. This means those scheduled for extra shifts or contract work will not be paid for the missed week.

“We realize this has caused several questions,” Human Resources Director Linda Noggle wrote to staff. “However, this decision is consistent with how the district has handled natural disasters in the past. Only the employees who were scheduled to work, per their work calendar, have been paid. Those who take on extra assignments for additional pay were not paid in previous disasters. ie: (Derecho) and Covid, only those who were scheduled, per work calendar, were paid.”

The district has offered very little detail publicly on what it only calls a cyber security incident and has refused to answer any questions related to it, like whether any student or staff data was compromised, the nature of the attack or the cost to taxpayers if the district paid any ransom. Though the note from Superintendent Bush hints more information may be coming.

“Please note in the coming days you should receive a letter from CRCSD mailed to your home regarding the cybersecurity incident and precautions we are taking,” Bush says at the end of her letter to staff.

The remainder of her letter heaps praise on district staff for their patience and efforts to overcome the effects of the cyber attack, likening it to the responses after the Flood of 2008, 2020 Derecho and COVID-19 disasters.

“The positive attribute I’ve witnessed through all recent CRCSD disasters: our dedicated staff’s response,” Bush wrote. “With our recent cybersecurity event, our incredible teams worked around the clock to help us respond to this and continue serving our 16,000 students and 3,500 employees. Our staff members are truly public servants, and this is just another example of your dedication—like your response to the COVID-19 pandemic, the derecho, and the flood.”

Read Superintendent Bush’s full letter here:

Challenges come in many forms, but the dedicated CRCSD response remains the same. Thank You!

Dear CRCSD Colleagues,

When wind gusts of 140 miles per hour struck our school buildings on August 10, 2020, the derecho disaster was physically seen everywhere. Trees snapped in half and blown-off rooftops were tangible images of a natural disaster aftermath. Another form of natural destruction hit CRCSD with the 2008 flood that caused physical distress to our school infrastructure. Additionally, we saw tangible signs of school building closures and sweeping online curriculum changes during a two-year pandemic that caused challenges in our world and our local school district.

CRCSD recently faced another challenge, but this time it came in a different form. It didn’t produce downed power lines, broken glass or physical illness. As many organizations have unfortunately experienced in this digital era, our beloved public school system became the victim of a cybersecurity incident on July 2, 2022, which disrupted some operations for four business days. While we continue work to get certain systems up and running, our incredible teams got us operational very quickly for an organization our size (3,500 employees and 16,000 students).

The positive attribute I’ve witnessed through all recent CRCSD disasters: our dedicated staff’s response. With our recent cybersecurity event, our incredible teams worked around the clock to help us respond to this and continue serving our 16,000 students and 3,500 employees. Our staff members are truly public servants, and this is just another example of your dedication—like your response to the COVID-19 pandemic, the derecho, and the flood. I thank everyone for your patience as we work to resolve this matter, and I especially thank those who put in such long hours to get us up and running as quickly as possible amidst this challenge.

I am in awe - during each event - of how our staff responds. Regardless of the challenges we face, we bring the same passionate, dedicated response to the community. We’ve witnessed kindness and support directed to us throughout the past two weeks, and the dedicated teams humbly absorb the positivity after many long hours. A community response of gratitude is always appreciated, in all forms.

Please note in the coming days you should receive a letter from CRCSD mailed to your home regarding the cybersecurity incident and precautions we are taking.

With Sincere Gratitude,

Noreen Bush

Superintendent

Copyright 2022 KCRG. All rights reserved.