East Multnomah County’s Centennial schools slowly recovering from cyber attack

By Rob Manning (OPB)
May 12, 2021 10:23 p.m.

After an “unknown actor” seized control of files in the east Multnomah County school district’s computer systems last month, Centennial School District officials say they’ve been able to bring some systems back online.

The website is back up, but you’ll have to poke around to find any mention of the cyber intrusion that paralyzed the Centennial School District’s computer systems for the last few weeks.

Officials have said the source of their technological troubles was a ransomware attack discovered by information technology staff on April 26. IT staff responded by shutting down district systems while they investigated what might have been compromised. With the help of an outside technology firm, Centennial has been digging through its systems to find out what data has been lost and what can be restored.


Officials now say they’re methodically turning systems back on.

“We now have our email back, and students and teachers will have access to the online learning platforms beginning today [Wednesday] and tomorrow [Thursday],” Centennial chief communications officer Carol Fenstermacher said in an email to OPB.

Fenstermacher said the restoration required an examination of every “computer and laptop” used by district staff. Student Chromebooks weren’t affected, Fenstermacher said, but staff had to change passwords to regain access. And some systems aren’t running yet.

As the 6,700-student district in east Multnomah County brings systems back online, officials there are sharing few details about the attack itself or whether the district has been in touch with the people responsible. When asked if Centennial agreed to pay a ransom, as the Roseburg Public Schools did three years ago when disabled by a similar intrusion, Fenstermacher didn’t have an answer.


“At this point I don’t know. It’s still an open police/legal case,” Fenstermacher said in an email.

Like schools across Oregon and in much of the country, Centennial has been leaning heavily on technology to continue to provide hybrid and distance instruction during the COVID-19 pandemic. The district had to shift quickly to offering paper packets, among other changes, to replace the unavailable digital technology.

Federal authorities have been warning for months of an apparent increase in malicious attempts to access school technology systems.

“Malicious cyber actors are targeting school computer systems, slowing access, and rendering the systems inaccessible to basic functions, including remote learning. In some instances, ransomware actors stole and threatened to leak confidential student data unless institutions paid a ransom,” the federal Cybersecurity and Infrastructure Security Agency reported in a memo titled “Cyber Threats To K-12 Remote Learning Education.”

Centennial has said its most sensitive data, such as private student information and payroll data, were housed outside of district computer systems.

Officials at the Oregon Department of Education said Centennial is the only district they’re aware of to suffer a cyber attack since distance learning began last year. ODE also said it didn’t play a role in Centennial’s recovery from the incident.

But as the regulators of the state’s public schools, ODE will be reviewing a waiver request from Centennial, to allow it to fall below the state’s minimum required instructional hours.

“The waiver will be heard by the State Board of Education on Thursday, May 20,” ODE said in an email.