In a new cyber incident, the Tucson Unified School District found itself in the crosshairs of the Royal ransomware gang. The TUSD data breach encompasses a staggering 29,000 individuals whose private and confidential information was leaked by a ransomware attack earlier this year. 
The Royal ransomware gang is a notorious threat actor, often, targeting big corporations, government agencies, and private companies worldwide. The TUSD data breach, though found later this year, had already started in early 2023 when the threat actor claimed the cyber attack on the Tucson Unified School District.
However, the TUSD data breach only came to light after the TUSD’s Governing Board Meeting, when officials revealed the attack to the affected individuals and public.
TUSD data breach revealed the private information of 29,000 individuals 
The TUSD data breach is just one of the attacks the Royal ransomware group orchestrated. However, the sheer amount of data sets the hacker has access to is still concerning. Moreover, the initial investigation revealed that hackers only accessed a handful of information and didn’t have access to sensitive data.
However, it was revealed in a follow-up investigation that the TUSD data breach actually consisted of current and former employees, students, parents, and their dependents who might have fallen prey to this extensive data breach.
Dr. Gabriel Trujillo, the Superintendent of TUSD, confirmed that no indications of data misuse had surfaced from the files stolen during the TUSD data breach. “We meticulously reviewed approximately one million documents on an individual basis, meticulously combing through them to identify any instances of private and confidential information belonging to both past and present students and employees,” said Trujillo. 
Individuals impacted by the TUSD data breach will receive notification letters on August 25th outlining the compromise’s extent and the subsequent recourse steps. As a gesture of support, TUSD offers affected individuals’ complimentary membership to an identity theft protection program for a year. 
TUSD is also introducing a toll-free customer care number, available for all employees beginning August 23rd, to address any concerns stemming from the breach. These responsive measures and broader cybersecurity enhancements are emblematic of TUSD’s commitment to safeguarding sensitive data for the future.
Tucson Unified School District Implemented New Measures for better Security
The Tucson Unified School District is taking precautionary measures to enhance data security with a series of new rules. One of the first rules includes that all documents and data uploaded to cloud platforms will now undergo encryption, providing an extra layer of protection against unauthorized access. 
The cloud infrastructure will play a vigilant role, ensuring continuous surveillance around the clock. It will promptly respond to potential threats, fortifying the district’s defensive capabilities.
In a proactive move, TUSD has decided to disallow students from using flash drives. This precautionary step aims to counter potential vulnerabilities that threat actors could exploit. Moreover, password policies have been substantially fortified. 
A 16-character password requirement has replaced the previous five-character threshold, significantly boosting security complexity and resilience. Additionally, mandatory password changes every 90 days and integrated secondary authorization measures will further enhance account security.
To cultivate a more vigilant workforce and prepare against potential threats, TUSD has made biannual cybersecurity training mandatory for all faculty and staff members. This comprehensive training program ensures that everyone can effectively tackle evolving security challenges. 
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.