By Kate Royals and Will Stribling | Mississippi Today

A group of cybercriminals hacked the Vicksburg Warren School District’s servers last month and claimed to have employees’ personal information and internal school documents.

A group that calls itself “Grief” breached the school’s servers through a ransomware attack on May 28.

“The network of Warren Vicksburg School was screwed and now we have about 10 GB of data from file servers, including internal company documents and personal information,” the group’s website read before it was removed. “According to our rules, we are publishing this data step by step in case if this company will keep silence (sic).”

While the district declined to answer whether it paid a ransom to the group to prevent the release or sale of personal information, Brett Callow, a threat analyst at the antivirus company Emisoft, said when the cybercriminals remove the threat from online, “it’s usually an indicator they are in negotiations or have been paid.”

A district spokesperson said Thursday they are “working to determine what information might have been affected.”

A Mississippi Department of Education spokeswoman confirmed the district had contacted the department in recent weeks about the attack. George Co. School District also made the department aware it had been attacked in recent weeks. It’s unclear if the attacks were carried out by the same group.

Most employees in Vicksburg Warren School District first heard of the breach Friday morning, two weeks after it occurred and after Mississippi Today asked the district why teachers had not been informed their personal information may have been compromised.

“On May 28, we identified suspicious activity on some of our computer systems. We immediately took steps to stop the activity and investigate it further,” a Friday email from Superintendent Chad Shealy to district employees said. “Out of the concern to protect our staff and students, the District engaged an independent cybersecurity expert and law enforcement to help in our investigation. At this time, there’s no evidence that employee sensitive information was accessed or misused.”

The Vicksburg attack comes after last month’s ransomware attack on the Colonial Pipeline and dozens of other American entities in recent weeks, renewing fears about technology being used to hold the government or entire sectors of the economy hostage.