The cyberattack that struck Papillion-La Vista Community Schools in May, touching off an FBI investigation, is proving to be a significant and costly inconvenience.
Officials say the cost of recovery — yet to be tabulated — could be substantial.
Officials said Wednesday that student records and employees’ personal information were not compromised by the malware attack.
But the attack was sufficient to require rebuilding district servers, replacing some desktop computers, and wiping clean hard drives and replacing the operating system of some teacher laptops.
This summer, district officials are requiring teachers and staff to bring in their laptops — about 900 in all — for service.
Microsoft Surface devices have to be “wiped clean,” while Apple MacBooks require some software updating.
All had to be reconnected to the cleaned system.
On Wednesday, about 70% of those had been fixed.
“It could have been worse than it was because we really got ahead of it,” spokeswoman Annette Eyman said.
The district had cyberattack insurance, which pays for expenses such as the forensic examination of computers.
But the district will likely have to absorb some recovery costs, particularly personnel and new hardware, unless the culprit can be found and held accountable, Eyman said.
Sign up for World-Herald news alerts
Be the first to know when news happens. Get the latest breaking headlines sent straight to your inbox.
On Wednesday, teachers from La Vista West Elementary took their turn bringing in their computers to the district’s Technology Training Center.
Sixth-grade teacher Stacie Leonovicz typically would have been working in her classroom preparing for the school year.
Instead, at 8:45 a.m. she was turning her laptop in for a fix.
She said she relies heavily on technology in her classroom.
“The biggest takeaway is we’ve seen how phenomenal our IT is,” she said.
Student grades, financial information and other sensitive data were kept on a separate system, said IT director Lucas Bingham.
The attack, introduced via email, had the telltale signs of a ransom attempt — fouling up the system and then demanding money to restore it, he said.
But it never got that far, he said.
Bingham said employees detected it and took action to stop its spread. The district had backup systems that were quickly taken offline to preserve data.
Bingham, who is overseeing the districtwide reboot, said the malware attack was “definitely well-organized and sophisticated.”
The perpetrator of the attack has not been identified, he said. The investigation by police and the FBI will take time, he said.
Employees, meanwhile, are getting refresher training in how to avoid inviting cyberattackers into the system, for instance avoiding opening suspicious emails.
Leonovicz said that’s good.
“I think we all know that, but it’s good to get a reminder,” she said.
There’s a fallout for students returning to school — those with school email accounts will have to change their names and passwords upon registration.