August cyber incident at Bellflower schools in California

Bellflower Unified said phone and network disruptions began in early August, followed by a monthslong forensic review and a later, unconfirmed Rhysida claim.

Bellflower Unified School District publicly identified a network security incident in August 2025 after phone and internet outages hit campuses, but the disruption appears to have received little independent media attention.

Bellflower Unified School District said an early August cybersecurity incident began after IT staff detected anomalous activity in its network environment, prompting the district to remediate systems, rebuild a secure network and restore operations. The district later said many network services were inoperable for a brief period but it has since returned to full operations.

The district had publicly identified the problem as security-related by Aug. 5. In a staff update that day, Bellflower said internet and phone service had been down since Aug. 4 and that, as a precautionary measure following a network security incident, certain systems had been taken offline to protect the network. In separate public messages to families on Aug. 5, district officials said phone lines were down at the district office and all schools, then later said phone service had been restored. The district's incident page later said the outage affected on-premises servers and not cloud-based databases.

By Aug. 8, the district told staff it had encountered technical issues in its network that included isolated unusual activity and said IT personnel and outside partners were working through internal security protocols to assess the scope of the problem. Staff were told to disconnect from wired ethernet, use a temporary guest network and remain cautious about suspicious links and attachments.
District officials said they retained an independent third-party forensic team, notified the FBI and the U.S. Department of Homeland Security, and implemented additional firewall, credential and other security policy changes while the review continued. The district said it had not found evidence of further anomalous activity.

Bellflower also said sensitive staff and student data is stored in separate, externally hosted systems that were not impacted by the event and, by late September, said it had no indication that sensitive student, parent or employee data was accessed or acquired. In an Oct. 30 update, however, the district said it was aware of an allegation that certain district data had been removed from the network environment, while continuing to say its assessment was ongoing. Bellflower did not publicly identify a threat actor or describe the incident as ransomware.

Leak-site trackers later recorded a claim by the Rhysida ransomware group against Bellflower Unified on Oct. 28, but that attribution has not been confirmed by the district or law enforcement and remains an unverified criminal claim.

The district issued follow-up notices dated Aug. 5, Aug. 8, Aug. 11, Aug. 18, Sept. 26 and Oct. 30, indicating the incident required months of updates even after internet access and core functionality were largely restored. On Aug. 11, Bellflower said all sites had internet access again, most functionality had been restored and passwords had been reset for security purposes.

Bellflower Unified publicly identified the incident as security-related within days and continued issuing updates as the review unfolded, but the case appears to have received little or no independent media coverage. That left much of the public record to the district's own disclosures, with later leak-site tracking adding only an unconfirmed criminal claim.

Bellflower Unified serves about 10,000 students across 15 schools in southeastern Los Angeles County, according to district, state and federal education listings.