Governor’s STEM council hacked in international ransomware attack

Legislation proposed by Gov. Kim Reynolds would expand taxpayer support for non-public schools. (Photo courtesy of the Governor's STEM Advisory Council)

An international ransomware attack this spring included a contractor for the Governor’s STEM Advisory Council, which promotes education in computer coding and other tech fields. 

The council was a victim in the same attack that included the Iowa State Foundation.

Jeff Weld is the executive director of the Governor’s STEM Advisory Council. (Photo courtesy of the council)

In a letter to the council, Director Jeff Weld and Associate Director Carrie Rankin said the hackers may have gained access to personal information such as email addresses, phone numbers and giving records. No bank information or social security numbers were stored in the system. 

The council’s contractor, Blackbaud, paid the ransom in return for confirmation the hackers had destroyed the records they took. Blackbaud has worked to change its systems to guard against future cybercrimes, Weld and Rankin said. 

“Blackbaud has confirmed through testing by multiple third parties, including the appropriate platform vendors, that their fix withstands all known attack tactics,” Weld and Rankin wrote. “Additionally, they are accelerating efforts to further harden their environment through enhancements to access management, network segmentation, deployment of additional endpoint and network-based platforms.”

The incident occurred between Feb. 7 and May 20.

“Based on the nature of the incident, their research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly,” the administrators wrote in a letter dated Aug. 13.

They added: “This is a stark reminder of the value of computer scientists, information technologists, cyber-security experts and other professionals upon whom we all rely in keeping us safe. Through strong STEM/computer science education we will inspire more young Iowans to grow into these vital roles. For that we are grateful for your partnership.”

The Iowa State Foundation confirmed a similar attack in July. The same attack included a range of nonprofits and universities, including Auburn University Foundation, Middlebury College and the UK National Trust