The district鈥檚 new chief thought spring was too late for such a drastic move: Parents had already made plans for the fall term.

鈥淚 thought, 鈥榃hy are you closing a school right now? 鈥� 鈥� Dorland said. 鈥� We鈥檙e preparing for next year.鈥�

Enrollment at , a school in Arvada, outside Denver, hovered around 100 students 鈥� representing a 45% drop since 2017. Some grade levels had dwindled to a single classroom and the district was losing money on basic services like busing and lunch. Most extracurricular programs had disappeared.

But closing schools was 鈥減olitical suicide,鈥� Dorland thought.

Then she started visiting classrooms herself. 鈥淲e had families deciding to leave these small schools even though they loved them,鈥� she said. 

Since her arrival, Jeffco has shuttered 16 schools. Four more are slated to close at the end of the school year.

School communities forced to say goodbye to legacy institutions go through something akin to the stages of grief. Residents with emotional ties to schools their parents and grandparents attended frequently push back. But Dorland has earned respect for a straightforward approach to a process leaders will confront in the coming years. While implementing a daunting closure plan, she didn鈥檛 ignore the human cost, assigning staff members to ease both principals and families through the transition.

鈥淎 lot of people don鈥檛 have that muscle 鈥� to just look someone in the eye and say, 鈥業 know this is devastating, but I鈥檓 looking at the district as a whole,鈥� ” said Trace Faust, senior project director at the Keystone Policy Center, a Colorado nonprofit that held community meetings to discuss the closures. “That鈥檚 a bold thing to do, and that鈥檚 what districts need right now.鈥�

In Colorado, as in much of the nation, experts chalk up enrollment declines to a drop in birth rates and housing prices that remain out of reach for most young families. The 鈥済ateway to the Rockies鈥� is such a desirable place to live that older after their children grow up, leaving fewer houses on the market. 

A need to grieve

At Fitzmorris Elementary, one first grade class had just five students. Small schools lacked their own music and physical education teachers. And afterschool providers canceled programs because only a handful of students signed up.

After a second last-minute vote to shut down Fitzmorris in the spring of 2022, board members decided they could no longer address closures piecemeal. The district recommended shutting down 16 schools and held a series of community meetings before casting a final, unanimous vote in November. The timing gave families the rest of the school year to absorb what the changes would mean for their children.

But some of those gatherings didn鈥檛 get off to a great start. With talk of 鈥渞e-envisioning鈥� schools and the benefits of consolidation, the staff from Keystone was several steps ahead of the community 鈥� even 鈥渢one deaf鈥� to parents鈥� concerns, Dorland said. 

Faust agreed those first meetings 鈥渉onestly missed the mark. The community needed to grieve and needed to be mad.鈥�

That鈥檚 when principals began to take a larger role in the conversations. School leaders could 鈥済et the room back together if things were going sideways,鈥� Faust said. Some stationed themselves in their school libraries for days to talk to parents one on one.

What Dorland didn鈥檛 want, however, was parents coming to the forums hoping to get leaders to reconsider. 

鈥淚 don’t believe in pretending like communities have a choice when they don’t,鈥� she said.

鈥楧on鈥檛 want a mass exodus鈥�

That left some parents feeling shut out. Families from Kullerstrand Elementary, a Title I school in the Jeffco city of Wheat Ridge, wrote letters and protested at public hearings.

鈥淭heir minds were already made up, which was really sad,鈥� said Kim St. Martin, Kullerstand鈥檚 former PTA president. 

After the board鈥檚 latest vote in October to this spring, some parents threatened to leave the district. 

鈥淭hat’s a tricky situation, because we don’t want a mass exodus,鈥� said LaVerne Manzanares, a former reading specialist who now helps families with children attending new schools.

Michael Zweifel, a former principal whose school, New Classical Academy at Vivian, was one of those closed, also shifted to a new role. She began supporting administrators at 鈥渞eceiving鈥� schools that suddenly had to accommodate more cars in their parking lots and students in the lunch line. They鈥檝e opened up spots on school leadership committees for teachers from closing schools, and held ice cream socials, movie nights and picnics for families to meet.

The closures were especially jarring for families in Wheat Ridge, a tight-knit community between Denver and the Rockies. The district closed three of the small city鈥檚 elementary schools, sparking anxiety about the future of its local high school. 

Alanna Ritchie, whose first grader attended Wilmore-Davis Elementary, was among who wanted Wheat Ridge city council members to pressure district leaders to change their minds. During a September 2022 council meeting, she warned the mergers could lead to the opposite problem 鈥� overcrowding 鈥� and that some of the receiving schools couldn鈥檛 accommodate additional traffic.

The convenience of walking to school is a 鈥渞ight鈥� that was being 鈥渞ipped away from our own children,鈥� she said. 鈥淪mall, connected neighborhood schools 鈥� it’s what defines us as a true community.鈥�

St. Martin, the former Kullerstrand PTA president, still gets choked up over losing her neighborhood school. It was important to her, she said, that her children attended a more racially diverse school. Now they attend predominantly white Prospect Valley Elementary.

鈥淪elfishly, I loved my relationships,鈥� she added. 鈥淵ou could talk to any teacher.鈥� 

鈥楧ay and night contrast鈥�

While some parents wish they could have had more say over which schools closed, experts say Dorland鈥檚 plan was better than leaving families in limbo. Brian Eschbacher, an enrollment consultant, said the uncompromising way she managed the closures is a 鈥渘ight and day contrast鈥� to how Denver Public Schools, her previous employer, handled a similar issue.

Denver leaders a definitive list of schools to be closed last school year. They from the community, but ultimately abandoned a closure plan in the face of emotional appeals from parents.

Denver鈥檚 union-backed school board placed a lot of the blame for enrollment loss on . But Eschbacher, who previously led planning and enrollment services for the district, said the city has contributed to enrollment decline by continuing to approve construction of luxury that don鈥檛 attract families with young children. 

鈥淚 always tell boards, 鈥楾his is outside of your control. This is about births and housing, and you don’t control either,鈥� 鈥� he said.

Meanwhile, the challenges that defined Dorland鈥檚 early tenure aren鈥檛 over. Her plan to close two K-8 schools 鈥� Arvada and Coal Creek 鈥� has strong opponents, including Danielle Varda, the only person on the five-member board to vote against closure. She thinks the decision to shut down the two schools was rushed. Closing Arvada K-8 will cause further disruption for students who have been through previous mergers, she told the board. The district would also have to expand programs for English learners and immigrants at other schools when Arvada K-8 already offers those services.

鈥淭his plan perpetuates systemic oppression that these families have faced much of their lives,鈥� she said.

Dorland acknowledges that parents in Wheat Ridge, where families have lived for generations, are 鈥減robably still angry.鈥� She wishes she had done more to help city and county officials understand why the district couldn鈥檛 put off closing schools any longer. But once the decision was made, the consolidation process moved quickly.

鈥淲e had run out of runway,鈥� she said, 鈥渁nd we had to take off.鈥�

鈥淚鈥檓 so sorry to tell you this but unfortunately your private information has been leaked,鈥� read the email, sent to Hecht in the middle of the night Oct. 25 from an account tied to a school district in California. Attached were PDFs with personal information about her daughters including their names, photographs and the home address where they鈥檇 just spent the night asleep. 

鈥淏e careful out there,鈥� the cryptic message warned. 鈥淒on鈥檛 shoot the messenger!鈥�

Some 200,000 similar student profiles had been leaked, the email claimed, following a recent cyberattack on Clark County School District, the nation鈥檚 fifth-largest district and where Hecht鈥檚 three daughters are enrolled. But the message, she鈥檇 soon learn, was not from a California student but from the student鈥檚 email account, which had also been compromised. An unidentified, publicity-hungry hacker was using it as a 鈥渂urner鈥� account to brazenly extort Clark County schools by frightening district parents directly.

鈥淚 put my child on the bus and then immediately called the district,鈥� Hecht told 社区黑料. 鈥淚 called the school, they transferred me to the district, the district transferred me to their IT department, who then transferred me to the help desk. I have yet to hear anything back.鈥�

The Clark County threat actors claim their in-your-face tactics, which apparently involve not just direct outreach to parents, but also to media outlets, is already being used against at least one other district. Also distinct from other recent K-12 ransomware attacks, including high-profile incidents in Los Angeles and Minneapolis, the Vegas school district hackers claimed to use weak passwords 鈥� in this case students鈥� dates of birth 鈥� and flimsy Google Workspace file-sharing practices. Deploying those relatively low-tech incursions allowed them to gain access to reams of sensitive files, including students鈥� special education records. 

Schools nationwide rely heavily on Google Workspace to create, and share records and the methods the hacker used to exploit district systems, a cybersecurity expert said, offer valuable lessons for all of them. 

鈥淭his is not going to qualify as sophisticated hacking,鈥� said Doug Levin, the national director of the K12 Cybersecurity Information eXchange, and is perhaps a sort of brand-building exercise. 鈥淕iven that they reached out to the media鈥� and have demanded payments smaller than those typically leveraged by ransomware gangs, 鈥渋t seems they may be more interested in publicity and reputation than they are money.鈥�

For Las Vegas educators, the hack has already brought significant consequences, including a class-action lawsuit and to resign. 

Clark County school leaders on Oct. 16 that they became aware of a 鈥渃ybersecurity incident鈥� on Oct. 5, noting in that it was 鈥渃ooperating with the FBI as they investigate the incident鈥� and that such attacks against schools have become routine. 鈥淩est assured that we will share information as it becomes available so everyone is informed and can respond to protect personal information.鈥�

When contacted by 社区黑料, a Clark County spokesperson declined to comment further and shared a copy of the district鈥檚 previous statement. 

Yet as Hecht and others accuse the district of failing to inform parents about the extent of records stolen, much of the information being revealed about the data breach has come from the threat actor themselves, including taunts that they were still in Clark County鈥檚 computer systems. In two follow-up emails shared with 社区黑料, Hecht was sent web links that purportedly included troves of sensitive information about students including disciplinary records and test scores. 

In an Oct. 26 message to Hecht, threat actors this time used a Clark County student鈥檚 email address 鈥渢o show how much of a joke their IT security is and to show how seriously they are taking this.鈥� 

Beyond outreach to parents, the hacker 鈥� which could be one or multiple people 鈥� on Oct. 25 without solicitation, first communicating with a reporter via Facebook. Identifying themselves as 鈥淪ingularityMD (the hacker team),鈥� the threat actor disputed Clark County鈥檚 statement that it had detected 鈥渁 security issue鈥� on its own and that district leaders had only become aware after the hackers sent an email 鈥渢o tell them we had been in their network for a few months.鈥� 

A hack with TikTok origins

Perhaps between the hacker and a cybersecurity researcher at the blog DataBreaches.net, where the threat actor divulged their techniques and offered advice on how other districts can protect themselves. 

In recent years, cybercriminals have gravitated toward 鈥渄ouble-extortion ransomware鈥� schemes, where they gain access to a victim鈥檚 computer network, often through a download compromising records and lock the files with an encryption key. Criminals then demand the victim pay a ransom to unlock the files and stop them from being posted online. Yet in this case, the threat actors appear to have skipped past the first part and are employing an extortion strategy that centers exclusively on holding students鈥� sensitive information hostage. 

For years, the 325,000-student Clark County district, whose systems were also breached in 2020, has reportedly reset all students鈥� passwords to their birth date at the beginning of each academic year. Using a student鈥檚 date of birth as a password has . In the case of Las Vegas schools, hackers claim the breach began on TikTok, where a student shared their birth date. The student used their district email address to create a TikTok account and their student ID became their username on the social media platform. 

Once the hacker used that information to compromise the student鈥檚 account, they claim to have exploited poor data-sharing practices in the district鈥檚 Google Workspace to access the sensitive files. The compromised account was used to access information available to any student, which in turn offered records that allowed the hacker to escalate the breach until they were able to access administrative files. 

鈥淕oogle groups and google drives, if not configured correctly will expose teachers and staff files and conversations,鈥� the hacker told DataBreaches.net. 鈥淚n rare instances teachers have created shared drives and given the google group access to this drive. So if one was to add themselves to the group, they can then also access the drive contents. Nothing fancy at all.鈥�

Schools are particularly easy targets because so many students have access to a district鈥檚 computer network, the hacker noted, with a word of advice: 鈥淚 would recommend school districts separate the student network from the teacher network to make this process harder for teams like us.鈥� 

The same technique, , was used recently to compromise records maintained by Jeffco Public Schools in suburban Denver. In Nevada, SingularityMD says it demanded a ransom of roughly $100,000 versus just $15,000 from the 77,000-student Colorado district.

Federal law enforcement officials generally advise cybersecurity victims against paying ransoms, which can embolden hackers and spur future attacks. In the last year, ransomware attacks against the , according to a recent report by the nonprofit Institute for Security and Technology, which observed an uptick in incidents immediately after hackers succeeded in securing payments. 

Levin said the hacker鈥檚 breach methods should set off alarm bells for educators nationwide, with 鈥渧irtually every school in the U.S.鈥� relying on cloud-based suites, like Google Workspace, to create and share content internally, with parents and with the public. 

鈥淚t鈥檚 very easy to overshare information and grant rights for people who shouldn’t be able to see this information,鈥� Levin said. 鈥淭hat鈥檚 what it looks like happened in Clark County is they got access to some student accounts, found some shared folders and in the shared folders was more sensitive information that allowed them to escalate privileges and get to even more sensitive information.鈥� 

Google spokesperson Ross Richendrfer said in an email that as districts become 鈥渁 top target鈥� for cybercriminals, 鈥渢here鈥檚 not just one way that attackers attempt to infiltrate schools.鈥� This particular incident, he said, was 鈥渢he result of compromised passwords and configuration issues at the user/admin level.鈥� 

He pointed to the company鈥檚 , which notes that while Google products 鈥渁re built secure by default, it is critical that admins also properly use and configure networks and systems to ensure security.鈥� The guidance also recommends that districts train teachers and staff on best practices around file sharing. 

In response to an email request, a Jeffco Public Schools spokesperson shared acknowledging the breach, which noted that staff members had received 鈥渁larming email messages from an external cybersecurity threat actor.鈥� The district is working with outside cybersecurity experts and the police to determine the scope and credibility of the attack. 

With respect to the emails from the California student, it appears the hacker used a compromised account associated with the roughly 4,440-student Coalinga-Huron Unified School District in Fresno County merely to communicate with other victims. The threat actor said that compromised student email addresses are used as 鈥渂urner accounts鈥� when they are not useful in escalating permissions beyond the student level. 

Still, the district has conducted an assessment of its systems to ensure that it also hasn鈥檛 become the victim of a data breach, Superintendent Lori Villanueva told 社区黑料. She said the student鈥檚 email address was used to send four emails, which were then deleted. 

鈥淲e canceled that email account, we set up a new one for the student, and we鈥檙e just running our own diagnostics to make sure there was no other unusual activity,鈥� Villanueva said. Allowing students to choose their own passwords can have drawbacks, she said, if they settle on weak credentials. 鈥淢y people have been in contact with the Clark County school district and are trying to cooperate with them as much as we can but we鈥檙e really limited to that one tiny piece of information.鈥� 

Never before had she experienced an incident where a student鈥檚 email address was compromised and exploited in such a major way, she said. 

鈥淣othing this widespread, nothing in another state, nothing this big,鈥� she said. 鈥淔or our little neck of the woods here, this was a little crazy.鈥� 

Reputational damage

For Hecht, the Las Vegas mom, the cyberattack in Clark County is deeply personal. In fact, she has a hypothesis about why she, in particular, received direct communication from the hackers. 

In 2021, of numerous news reports when she contracted COVID and never recovered. 

鈥淭he only thing I can think of is somebody knows that I鈥檓 not quiet, that I will talk,鈥� she said. If the hacker鈥檚 goal was to get Hecht fired up, it worked. The district, she said, needs to be held accountable for a failure to protect her children. Still, she said she hasn鈥檛 been able to get any answers from school administrators. 

鈥淚鈥檝e emailed the superintendent and I just continue to call that helpline,鈥� she said 鈥淣othing. Nobody has responded. I can鈥檛 even get through, it just rings and rings and rings. To me, that tells me there are so many parents calling.鈥�

Hecht said she has since retained a lawyer, and a pair of other parents have already filed a class-action lawsuit against the district. The Oct. 31 complaint accuses Clark County schools of negligence, particularly in the wake of the 2020 ransomware attack. The lawsuit alleges the district has refused 鈥渢o fully disclose any details of the attack and what data were accessed and were available for third parties to exploit.鈥� 

鈥淲e think the district should be held accountable for their failures and ideally they will be able to make a more secure network in the future and anyone who has been subject to these data breaches will get the proper identity protection provided by the district at a minimum,鈥� attorney Steve Hackett, who represents the families, told 社区黑料.

Among those calling for Superintendent Yara to resign is Nevada Assembly Speaker Steve Yeager, who with nontransparency.

In an email, a district spokesperson said that individuals found to be affected by the breach will receive data breach notifications in the mail and declined to comment on whether it had, or planned to, pay the ransom. The after the 2020 breach led hackers to release Social Security numbers, student grades and other private information. 

鈥淎s the investigation continues, we are committed to cooperating with agencies responsible for finding the responsible party and holding them accountable,鈥� the statement said. 

The district also offered a sharp rebuttal to calls for Jara鈥檚 resignation, specifically referring to with the local teachers union: 鈥淪uperintendent Jara will remain superintendent as long as the Board of Trustees desires him to do so,鈥� the statement continued 鈥淣o bullying pressure, harassment or coordination with the leadership of the Clark County Education Association will deter him from his job to educate over 300,000 students and protect taxpayer resources from those who wish to harm the district or its finances.鈥� 

Hecht said the release of sensitive files, like medical records and special education reports, is particularly concerning, with implications extending far beyond those of Social Security numbers and financial records. She offered a message of her own directly to the hackers. 

鈥淚t worries me because this stuff is going to follow them for life,鈥� she said. 鈥淟ook, I know that our district is not great, but if you鈥檙e going to go against the district, don鈥檛 take our kids down with you. They did nothing wrong.鈥�