The investigation into the November 2022 malicious ransomware attack is complete. This page serves as a homepage for the event and includes all information and communications that were sent.

THURSDAY, MARCH 9, 2023

WHAT TO KNOW

• As an added precaution following the November 2022 ransomware attack, NPS continues to offer identity theft protection services to all potentially impacted individuals.
• Enrollment is open through Friday, March 31, 2023. Importantly, individuals will not be able to enroll to obtain identity theft protection after March 31, 2023. If you have delayed and want that protection-enroll now!
• The services can be activated by calling the dedicated call center at (833) 896-6813, which is available Monday through Friday from 8 a.m. - 8 p.m. Central Time.
• Additional resources can also be found here.

NPS Families, 

As an added precaution following the November 2022 malicious ransomware attack, Norman Public Schools continues to offer identity theft protection services to all potentially impacted individuals for twelve (12) months, through IDX, the data breach and recovery services expert. If you have not already signed up for these services, the deadline to do so is Friday, March 31. The 12 months of protection services will start from the date of enrollment, but you will not be eligible for services if you do not sign up before the deadline expires.

NPS remains unaware of any actual or attempted misuse of anyone’s personal information as a result of this event. Nevertheless, NPS encourages potentially affected individuals to review the steps one can take, which can be found here. 

More information about the identity theft protection services, which vary for adults and minors, can be found here. The services can be activated by calling the dedicated call center at (833) 896-6813, which is available Monday through Friday from 8 a.m. - 8 p.m. Central Time.

Below is a description of the services available to impacted individuals:

• Credit Monitoring Protection, which is only available to adults, monitors changes to your credit file;
• CyberScan Monitoring will monitor criminal websites, chat rooms, and bulletin boards for illegal selling or trading of your personal information;
• In the event of a confirmed identity theft, eligibility for reimbursement of up to $1,000,000 for out-of-pocket expenses is available; and
• Fully Managed Identity Theft Recovery Services will restore your identity to pre-theft status in the event you fall victim to identity theft.

All previously provided information regarding this event can be found here. 

Under U.S. law, a consumer is entitled to one free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also directly contact the three major credit reporting bureaus listed below to request a free copy of your credit report.

Consumers have the right to place an initial or extended “fraud alert” on a credit file at no cost. An initial fraud alert is a 1-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If you are a victim of identity theft, you are entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should you wish to place a fraud alert, please contact any one of the three major credit reporting bureaus listed below.

As an alternative to a fraud alert, consumers have the right to place a “credit freeze” on a credit report, which will prohibit a credit bureau from releasing information in the credit report without the consumer’s express authorization. The credit freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a credit freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit. Pursuant to federal law, you cannot be charged to place or lift a credit freeze on your credit report. To request a security freeze, you will need to provide the following information:

1. Full name (including middle initial as well as Jr., Sr., II, III, etc.);

2. Social Security number;

3. Date of birth;

4. Addresses for the prior two to five years;

5. Proof of current address, such as a current utility bill or telephone bill;

6. A legible photocopy of a government-issued identification card (state driver’s license or ID card, etc.); and

7. A copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft if you are a victim of identity theft.
   

Should you wish to place a credit freeze, please contact the three major credit reporting bureaus listed below:

You may further educate yourself regarding identity theft, fraud alerts, credit freezes, and the steps you can take to protect your personal information by contacting the consumer reporting bureaus, the Federal Trade Commission, or your state Attorney General. The Federal Trade Commission may be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. You can obtain further information on how to file such a complaint by way of the contact information listed above. You have the right to file a police report if you ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, you will likely need to provide some proof that you have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement and your state Attorney General. This notice has not been delayed by law enforcement.

Typically, credit reporting agencies do not have a credit report in a minor’s name. To find out if your minor has a credit report or to request a manual search for your minor’s Social Security number, each bureau has its own process. To learn more about these processes or request these services, you may contact the credit bureaus by phone or in writing or you may visit the below websites:

Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit reporting bureaus. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322- 8228. You may also contact the three major credit bureaus directly to request a free copy of your minor’s credit report, should they have established credit. You may wish to stagger your requests so that you receive a free report from one of the three credit bureaus every four months.

Consumers have the right to place an initial or extended “fraud alert” on a credit file at no cost. An initial fraud alert is a one-year alert that is placed on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s credit file, a business is required to take steps to verify the consumer’s identity before extending new credit. If your minor is a victim of identity theft, your minor is entitled to an extended fraud alert, which is a fraud alert lasting seven years. Should you wish to place a fraud alert, please contact any one of the three major credit reporting bureaus listed above.

Adults and minors, sixteen years or older, have the right to place a “credit freeze” on a credit report, which will prohibit a consumer reporting agency from releasing information in the credit report without express authorization. A parent or guardian also has the right to place a “credit freeze” on a minor’s credit report if the child is under the age of sixteen. This right includes proactively placing a “credit freeze” on a minor’s credit report if the minor is under sixteen years old. If the nationwide credit reporting agencies do not have a credit file on the minor, they will create one so they can freeze it. This record cannot be used for credit purposes. It is there to make sure the minor’s record is frozen and protected against potential identity theft and fraud. Pursuant to federal law, you cannot be charged to place or lift a credit freeze on a credit report. Should you wish to place a credit freeze on a credit file or proactively place a freeze on a minor’s credit report, please contact the major consumer reporting agencies listed above.

To request information about the existence of a credit file in your minor’s name, search for your minor’s Social Security number, please a credit freeze on your minor’s credit file, place a fraud alert on your minor’s credit report (if on exists), or request a copy of your minor’s credit report, you may be required to provide the following information:

• A copy of your driver’s license or another government issued identification cars, such as a state ID card, etc.;

• Proof of your address, such as a copy of a bank statement, utility bill, insurance statement, etc.;

• A copy of your minor dependent’s birth certificate;

• A copy of your minor dependent’s Social Security card;

• Your minor dependent’s full name, including middle initial and generation, such as JR, SR, II, III, etc.;

• Your minor dependent’s date of birth; and

• Previous address for the past two years.
  

Should you wish to place a credit freeze, please contact the three major credit reporting bureaus listed above.

You may further educate yourself regarding identity theft, fraud alerts, credit freezes, and the steps you can take to protect one’s personal information by contacting the consumer reporting bureaus, the Federal Trade Commission, or your state Attorney General. The Federal Trade Commission may be reached at: 600 Pennsylvania Avenue NW, Washington, D.C. 20580; www.identitytheft.gov; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. You can obtain further information on how to file such a complaint by way of the contact information listed above. You have the right to file a police report if you ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, you will likely need to provide some proof that you have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement and your state Attorney General.

WEDNESDAY, JAN. 4, 2023 

WHAT TO KNOW

• The investigation into the November 2022 malicious ransomware attack is complete.

• In addition to the previously identified current and former staff information, NPS determined that driver’s license numbers for some staff members were also potentially impacted.

• NPS also determined that student information was impacted. NPS is placing a notation in all potentially impacted students’ electronic records in Infinite Campus.

• NPS continues to offer identity theft protection services to all potentially impacted individuals. We encourage you to enroll. 

• The services can be activated by calling the dedicated call center at (833) 896-6813, which is available Monday through Friday from 8 a.m. - 8 p.m. Central Time.

• Additional resources can also be found here.

NPS Families, 

Welcome back! We hope you had a fun and restful break and a great first day back to school. As we’ve been doing, we want to provide you information as we receive it regarding the November 2022 malicious ransomware attack. 

The investigation is complete, and this will be the final message about the event. Below is updated information regarding the ransomware attack. All previously provided information regarding this event can be found here.

In addition to the previously identified information, NPS can now confirm that driver’s license numbers for some current and former NPS staff may have been viewed or taken by the unauthorized actor.

NPS also determined that certain information related to current and former students was potentially impacted. NPS is placing notations in the electronic records in Infinite Campus for potentially impacted students. Those notations will describe the type of information that was potentially viewed or taken by the unauthorized actor. 

NPS remains unaware of any actual or attempted misuse of anyone’s personal information as a result of this event. Nevertheless, NPS encourages potentially affected individuals to review the steps one can take, which can be found here. NPS continues to offer identity theft protection services to all potentially impacted individuals for twelve (12) months, through IDX, the data breach and recovery services expert. More information about the services, which vary for adults and minors, can be found here. The services can be activated by calling the dedicated call center at (833) 896-6813, which is available Monday through Friday from 8 a.m. - 8 p.m. Central Time.

We acknowledge this has been challenging, and we thank you all for your understanding and patience throughout this event.

WEDNESDAY, NOV. 30, 2022

WHAT TO KNOW

• On the morning of November 4, 2022, NPS discovered it was the victim of a malicious ransomware attack.

• A subsequent investigation has determined that an unauthorized actor gained access to certain NPS systems, and that information contained on those systems may have been viewed or taken.

• NPS is offering identity theft protection services to all potentially impacted individuals.

• The services can be activated by calling the dedicated call center at (833) 896-6813, which will be available Monday through Friday from 8 a.m. - 8 p.m. Central Time, starting on Thursday, December 1, 2022 at 1:00 p.m., Central Time.

• Additional resources can also be found here.
  
  

NPS Families,

Before Thanksgiving, we provided additional information about the malicious ransomware attack we experienced earlier this month, including details about the type of personal information that is potentially impacted as a result of this event. As a reminder, the most up to date information regarding this event can be found here.

NPS remains unaware of any actual or attempted misuse of anyone’s personal information as a result of this event. Nevertheless, NPS encourages staff and families to remain vigilant against incidents of identity theft and fraud by reviewing account statements and credit reports for suspicious activity and to report any suspicious activity promptly to the corresponding bank or financial institution.

As an added precaution, NPS is also offering identity theft protection services to all potentially impacted individuals for twelve (12) months, through IDX, the data breach and recovery services expert. These services will be made available starting on Thursday, December 1, 2022 at 1:00 p.m. Central Time.

Below is a description of the services available to impacted individuals:

• Credit Monitoring Protection, which is only available to adults, monitors changes to your credit file;

• CyberScan Monitoring will monitor criminal websites, chat rooms, and bulletin boards for illegal selling or trading of your personal information;

• In the event of a confirmed identity theft, eligibility for reimbursement of up to $1,000,000 for out-of-pocket expenses is available; and

• Fully Managed Identity Theft Recovery Services will restore your identity to pre-theft status in the event you fall victim to identity theft.
  
  

The services can be activated by calling the dedicated call center at (833) 896-6813, which will be available Monday through Friday from 8 a.m. - 8 p.m. Central Time starting December 1, 2022 at 1:00 p.m. Central Time.

We want to thank you again for your patience and your support as we’ve worked through this challenging event. While we know this has been a challenging situation, we are grateful to be able to provide these resources to keep staff and families protected. 

WEDNESDAY, NOV. 23, 2022

WHAT TO KNOW

• On the morning of November 4, 2022, NPS discovered it was the victim of a malicious ransomware attack.

• A subsequent investigation has determined that an unauthorized actor gained access to certain NPS systems, and that information contained on those systems may have been viewed or taken.

• To date we have received no indication of any identity theft or fraud as a result of this event.

• NPS is offering identity theft protection services to all potentially impacted individuals.

• Additional resources can be found here. 

NPS Families, 

It has been our commitment from the start to keep you informed throughout this process. As we head into the Thanksgiving holiday, we wanted to give you the following updated information regarding the malicious ransomware attack that Norman Public Schools experienced on November 4, 2022. The most up to date information regarding this event can also be found here.

The confidentiality, privacy, and security of information in our care is one of the district’s highest priorities, and Norman Public Schools takes this event very seriously. Although, to date, we have received no indication of any identity theft or fraud as a result of this event, below is additional information about the event, our response, and resources available to you to help you protect your information, or your minor’s information, from possible misuse, should you feel it necessary to do so.

WHAT HAPPENED?
On the morning of November 4, 2022, NPS discovered it was the victim of a malicious ransomware attack. Upon learning of the event, NPS moved quickly to investigate and respond to the event, assess the security of our systems, and notify our staff, students, and parents of the event.

With the assistance of third-party data forensics and incident response specialists, we have been actively investigating to determine the full nature and scope of the event. At the same time, we have been cooperating with law enforcement. The investigation has determined that an unauthorized actor gained access to certain NPS systems, and that information contained on those systems may have been viewed or taken by the unauthorized actor. We began conducting a review of the data in our possession to identify individuals with personal information that was potentially impacted.

WHAT INFORMATION WAS INVOLVED?
NPS collects the following types of information relating to staff: names, addresses, Social Security numbers, and financial account numbers for payroll purposes. This information, which NPS collected from current and former NPS employees – including substitute teachers and summer staff – was potentially impacted. 

For the 2022-2023 school year, NPS collected names and Social Security numbers for enrollment purposes. Please note that not all families provided that information to NPS during enrollment. However, if provided to NPS for this year’s enrollment, Social Security numbers of students were also potentially impacted. The investigation is still underway to determine if other student information was potentially impacted.

Please note that NPS does not collect credit or debit card information from staff, parents, or students. Therefore, there is no reason to believe credit or debit card information was potentially viewed or taken by the unauthorized actor.

WHAT ARE WE DOING?
Upon discovering this event, NPS immediately launched an investigation and took steps to secure its systems and determine what personal data was at risk. As part of our ongoing commitment to the security of information in our care, NPS is reviewing existing policies and procedures and implementing additional safeguards.

Additionally, NPS is offering identity theft protection services to all potentially impacted individuals for twelve (12) months, through IDX, the data breach and recovery services expert. IDX identity protection services include credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services. With this protection, IDX will help you resolve issues if your identity is compromised.

These services will be made available starting next week in addition to a call center for support and assistance with enrolling in these services. We will supplement this notice with the appropriate information once the services are available.

WHAT CAN YOU DO?

NPS sincerely regrets any inconvenience this event may have caused. We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your account statements and credit reports for suspicious activity and to report any suspicious activity promptly to your bank or financial institution. Additional resources can be found here about steps that staff and families may take, should they feel it necessary to do so. Please note that the steps one can take to protect the information of adults over the age of 18 and minors may be different.

We continue to appreciate your support and patience as we work through this event and wish you all a safe and happy Thanksgiving. 

FRIDAY, NOV. 11 

WHAT TO KNOW

• As we shared with you last Friday, Norman Public Schools has been subject to a malicious ransomware attack. 

• Today, we began the process of restoring access to Mac devices. 

• Our teams will continue to work over the weekend to ensure this process continues Monday as smoothly as possible. 

NPS Families, 

As we shared with you last Friday, Norman Public Schools has been subject to a malicious ransomware attack. Our Technology Services team, working in conjunction with third-party data forensics and incident response specialists, are in the process of restoring network operations. Complete details can be found here: https://bit.ly/3EeIJ0x.

We began the process of restoring access to Mac devices today. We know there were intermittent delays or disruptions due to the restoration process, and we thank everyone for your patience as we continue to navigate this event and make progress. 

These delays may continue into next week, but our Technology Services team will work over the weekend to ensure restoration continues Monday as smoothly as possible. We are incredibly grateful to our team and our third-party partners for their diligence and hard work over the last week. Thanks to their efforts we’ve been able to continue to make progress toward restoring normal operations.

As more information becomes available, we will keep you updated.

THURSDAY, NOV. 10

WHAT TO KNOW

• As you know, on Friday, November 4, 2022, Norman Public Schools experienced a malicious ransomware attack. 

• At this time our teams believe the issue was limited to PC devices and Apple products were not affected.

• Students and staff should bring their NPS-issued Mac laptops to school fully charged tomorrow. 

• Upon login, additional security software will be installed on Mac devices automatically and you will be prompted to change your district password (Google account). Follow the instructions on screen to do so. You can change your password now by clicking here.

• A majority of our systems, including Infinite Campus, Canvas and Seesaw, will be available and back online Friday.
  
  

NPS Families, 

As we shared with you Friday, Norman Public Schools has been subject to a malicious ransomware attack. Our Technology Services team, working in conjunction with third-party data forensics and incident response specialists, are in the process of restoring network operations. Complete details can be found here: https://bit.ly/3EeIJ0x.

While the investigation into this event is ongoing, at this time our teams believe the issue was limited to PC devices and Apple products were not affected. 

As such, we are in the process of restoring access to Mac devices. In order to do so, security updates will be pushed to all NPS-issued Mac laptops and Mac desktop computers. Students and staff should bring their NPS-issued Mac laptops to school fully charged tomorrow. Upon starting up your Mac device it will connect to an NPS Wi-Fi network and additional security software will be installed automatically. You will then be able to access the internet as normal. 

As part of this ongoing network restoration process, some systems are being reset or restarted. Upon logging into your Mac you will be prompted to change your district password (Google account). Follow the instructions on screen to do so.  You can change your password now by clicking here.

A majority of our systems, including Infinite Campus, Canvas and Seesaw, will be available and back online Friday. You may experience some intermittent delays or disruptions with some programs as the restoration process continues. 

Again, we appreciate your patience and support throughout this process. We will continue to update you as more information becomes available.

WEDNESDAY, NOV. 9

WHAT TO KNOW

• As you know, on Friday, November 4, 2022, Norman Public Schools experienced a malicious ransomware attack. 

• It is now safe to use NPS-issued iOS or Android devices (iPhones, iPads, smartphones, tablets).

• It is now safe to access NPS-associated Google accounts (including Gmail, Google Docs, Google Drive, etc.) as long as it is not from an NPS-issued laptop or desktop computer (MacBooks, Windows laptops, etc). 
  

• For now, NPS-issued laptops and desktop computers should remain unused. 

• We do not expect any disruption to district payroll operations.
  
  

NPS Families,

We remain grateful for your patience and understanding as we continue to respond to the recent cybersecurity event. As we shared with you Friday, Norman Public Schools has been subject to a malicious ransomware attack. Complete details can be found here: https://bit.ly/3EeIJ0x.

Our Technology Services team, working in conjunction with third-party data forensics and incident response specialists, are in the process of restoring network operations. 

At this time, it is safe to use NPS-issued iOS or Android devices (iPhones, iPads, smartphones, tablets). For the time being, NPS-issued laptops and desktop computers (MacBooks, Windows laptops, etc) should remain unused, however our teams are in the process of restoring access for these devices and we are optimistic normal use and access will be restored soon. 

It is also safe for students, staff, and parents to access NPS-associated Google accounts and Google Suite applications (Gmail, Google Docs, Google Drive, etc.) as long as it is not from an NPS-issued laptop or desktop computer (MacBooks, Windows laptops, etc). 

Additionally, we are pleased to report that the district financial team does not expect any disruptions to our normal payroll process. 

As part of this ongoing network restoration process, some systems are being reset or restarted. In some cases this has caused some minor disruptions, such as irregular bells or intercom activity at schools. We appreciate your patience as we continue to work through these issues. 

Our students and staff have been fantastic in adapting to these circumstances and we are so proud of the way everyone has handled this situation. Thank you again for your patience and support, and we will continue to keep you updated as more information becomes available. 

SUNDAY, NOV. 7, 2022

WHAT TO KNOW

• On Friday, November 4, 2022, Norman Public Schools experienced a malicious ransomware attack. 

• Our teams are working around the clock alongside third-party data forensics and incident response specialists to investigate and resolve this issue. 

• School will be in session Monday, however instruction will take place without devices or connectivity for the time being. 

• 

Out of an abundance of caution, you should not use your NPS-issued devices and should not connect them to home or any other networks. Shut them down and leave them off until we advise otherwise. There is no need to bring devices to school.

• It is our commitment to parents and staff to keep you updated and informed throughout this process. 

NPS Families, 

We are grateful for your patience and understanding as we respond to a cybersecurity issue. As we shared with you Friday, Norman Public Schools has been subject to a malicious ransomware attack. 

Upon discovering this event, our Technology Services team immediately took action to mitigate the attack and isolate the damage. In addition to our standing technology partners, our counsel has retained third-party data forensics and incident response specialists to work to resolve this issue. We are also cooperating with federal law enforcement.

District and school staff have worked throughout the weekend to ensure our students’ educational experience remains as normal as possible in the coming days. School will be in session Monday, however we anticipate that instruction will take place without devices or connectivity Monday and potentially beyond. 

We will be very understanding with students in terms of deadlines, assignments, procedures and grades as we know they have been impacted by this event. We are very grateful to our staff for their hard work and professionalism as we prepare to adapt to this event. 

At this time our guidance for device usage has not changed. 

Out of an abundance of caution, you should not use your NPS-issued devices and should not connect them to home or any other networks. Shut them down and leave them off until we advise otherwise. As such there is no need to bring devices to school. 

We understand that you likely have additional questions, and we are committed to providing you information in a timely manner. It is our commitment to parents and staff that we will keep you updated and informed throughout this process as we are able.

We appreciate your patience and continued support as we navigate this very fluid and challenging situation.

FRIDAY, NOV. 4, 2022

NPS Parents,

Our NPS networks are currently experiencing a malicious ransomware attack. Our Technology Services team is hard at work to resolve the issue, including collaborating with our third party cyber security experts and law enforcement, but we anticipate this will be a significant disruption.



In the meantime, out of an abundance of caution, you should not use your NPS-issued devices and should not connect them to home or any other networks. Shut them down and leave them off until we advise otherwise.

We will keep you informed throughout this process as we get more information and have next steps. We appreciate your patience as we work to resolve this issue.