This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

KANSAS CITY, Mo. — A cyber attack closed schools for nearly 12,000 Northland students Monday. Now the search is on to figure out what happened, fix the problems, and stop it from happening again.

The FBI is helping Park Hill Schools get to the bottom of it all. The district says a malware attack cut off access to several systems used for education and learning. The attack happened on what should’ve been the first day back to full-time learning for all students in a year. 

“The fact that, yeah, today was supposed to be the first normal day in a year, is really fitting that it wouldn’t be. The last year has been crazy. It’s frustrating,” said Park Hill parent Roxeanne Thorman.

Parents first started flagging issues Sunday with logging onto a district program called “Schoology.” Tech staff thought the problems were fixed by 4:30 a.m. Monday morning, but new issues were uncovered at 6 a.m.

Without access to student data, including emergency contacts, classes were canceled. 

“Our goal is to get ourselves back in school as quickly as we can but do it in a safe manner but also make sure this investigation has some time to run its course so we can actually get the answers everyone wants,” said Dr. Jeanette Cowherd, Park Hill Schools Superintendent.

Cyber security educator Tiffany Franklin says Park Hill’s doing the right thing bringing in the FBI and others to investigate what went wrong. 

“Bringing in some of the experts is going to be really valuable in determining who did it.  Gathering all the digital evidence—that’s what some of the experts are going to be doing, more so than just the alert but going in and analyzing some of the systems to see where footprints are in the different aspects because if someone were to breach a network, they can go into different parts of the network.  So doing tracing of where all of that is,” said Franklin, cyber security education manager with Optiv.

It’s possible there’s a known program flaw, fixable with a security patch.   Franklin also suspects user error could be at fault. 

“Phishing emails used to be really easily identifiable—grammar mistakes, sending money to overseas to bail a cousin I never knew I had out of jail—they don’t look like that anymore.  They’re very sophisticated now so we need to up our training,” Franklin said.

Park Hill says it already offers annual online security training and is always looking at how to improve it. 

“It’s very concerning.  There’s a lot of, all our personal information is out there and somebody has it,” Thorman said.

Right now, the district does not believe anyone’s personal data was exposed but experts say it’s always wise to watch your credit reports and use identity theft monitoring. 

Park Hill believes this was not connected to any larger breaches and is not saying if this malware attack involved demand for a ransom to be paid to fix the problem. The district does carry technology insurance that could be used for that and any damages. It hopes to keep the community updated as it learns more from the investigation about exactly what happened.