Cyberattacks have become common towards schools. To expose our own student and staff data. In the Tracy Unified School District, we have been a victim of a cyber-attack. In most cases cyberattacks aren’t a mass operation such as movies depict but they are still organized and harmful.
The director of Information Systems and Educational Technology, Tom Quiambao, sent an email to the staff of the TUSD district. He informed the first measure of precaution was informing staff which was the most affected by this that clicking on a link and putting their TUSD credentials made their accounts and data vulnerable. The malicious email received is called a “Password Harvest Email.” This means it collected credentials for future attacks. All TUSD online services were shut down from 5:30 pm on March 30th, 2026, to 7:00 am on March 31st, 2026.
As a precaution there was a mass reset for the passwords of staff accounts. They had specific requirements such as 12 characters to make them especially safe. This reset helped protect the districts’ tech systems and was a good safety measure.
In total, there were around 3000 emails sent around the district. A total of about 400 users clicked the link, and 100 users typed in their TUSD email and password. As a reminder if only one person is a compromised user, the complete system could be cyber attacked. This is particularly important to know that your own actions could cause a district wide to shut down and a large-scale problem.
Mr. Quiambao the Director of ISET gave a direct list on how to identify malignant emails
1. Are you expecting an email from the sender?
2. Does the link in the email look suspicious?
3. If there is a link, place your mouse on the link to see where the link will go if you click it. DO NOT click the link. Just hover over it.
4. If you are using your phone, long press the link without releasing your finger from the screen. Then you will see where the link would go.
5. The malicious login website URL ends with “.top” rather than “.com” or “.org”
This serves as a reminder of how quickly technology has moved and even with a strong security attack like these are still possible to happen. They can be used to data mine private information about members of this district therefore it is important to know how to prevent them and how to quickly shut them down and resolve them. The consequences of this attack that affected our school were an extension of the block schedule and extra cautiousness for staff.
