2020-11-30 Stride, Inc. Cybersecurity Incident

Page last updated on April 11, 2024

Stride, Inc. initially disclosed a cybersecurity incident in an SEC 8-K filing on 2020-11-30 17:28:23 EST.

Incident Details

Material: Unknown
Is Breach: Unknown
Records Compromised: Unknown
Data Types Impacted: No Data Types Tracked (yet)

Compromised Date:
Detected Date:
Disclosure Date: 2020-11-30
Contained Date:
Recovered Date:

Attack Goal: Unknown

Costs: No Costs Tracked (yet)

Filings

8-K filed on 2020-11-30

Stride, Inc. filed an 8-K at 2020-11-30 17:28:23 EST
Accession Number: 0001104659-20-130599

Item 7.01 Regulation FD Disclosure.

K12 Inc. (“Stride” or “we”) - to be Stride, Inc. effective December 16, 2020 - announced the detection of unauthorized activity on its network, which has since been confirmed as a criminal attack in the form of ransomware.

Upon identifying unusual system activity, we quickly initiated our response, taking steps to contain the threat and lock down impacted systems, notifying federal law enforcement authorities, and working with an industry-leading third-party forensics team to investigate and assist with the incident. Importantly, students at the schools we serve continue to learn. Based on our investigation to date, the attack did not affect the Learning Management System (“LMS”) that is used to deliver educational content to students and to host student accounts - no data on the LMS was compromised nor has the delivery of services over the LMS been interrupted in any way. Our client schools - charter and district online schools - are still open, operating, and secure, as they have been since the start of the pandemic. Additionally, all major corporate systems - including payroll, accounting, enrollment, financial reporting, procurement, and shipping - have remained operational through this incident.

We do believe that the attacker accessed certain parts of our corporate back-office systems, including some student and employee information on those systems, but it will take further time to determine the scope of the information accessed.

We carry insurance, including cyber insurance, which we believe to be commensurate with our size and the nature of our operations. We have already worked with our cyber insurance provider to make a payment to the ransomware attacker, as a proactive and preventive step to ensure that the information obtained by the attacker from our systems will not be released on the Internet or otherwise disclosed. While there is always a risk that the threat actor will not adhere to negotiated terms, based on the specific characteristics of the case, and the guidance we have received about the attack and the threat actor, we believe the payment was a reasonable measure to take in order to prevent misuse of any information the attacker obtained.

Stride considers the security and integrity of our systems and network among our top priorities, particularly considering the large shift this year to remote learning and work due to COVID-19. While no company can ever eliminate the risk of a cyberattack, we are working extensively with an industry-leading third-party forensics firm to ensure that we are taking all appropriate steps to prevent any incident like this from happening again.

In addition, as part of our response to this incident, we have assembled a team of advisors on data security compliance, including former United States Attorneys and state Attorneys General with experience in handling criminal cyberattacks, and other technical advisors. The team includes Catherine Hanaway, former US Attorney for the Eastern District of Missouri; William Lockyer, former California state Attorney General; and John Byron (J.B.) Van Hollen, former Wisconsin state Attorney General and former US Attorney for the Western District of Wisconsin. The team will assist in guiding our efforts in response to this incident, including compliance with state and federal laws, continued cooperation with law enforcement, and communications with outside parties concerning the incident.

This investigation is active and ongoing and our systems are operating with minimal impact. Based on the information currently known and our investigation to date, we do not believe the incident will have a material impact on our business, operations or financial results.

The information set forth in this Item 7.01, including Exhibit 99.1, is being furnished and shall not be deemed “filed” for purposes of Section 18 of the Securities Exchange Act of 1934, as amended (the “Exchange Act”), or otherwise subject to the liabilities of that section. The information set forth in this Item 7.01, including Exhibit 99.1, shall not be deemed incorporated by reference into any other filing under the Securities Act of 1933, as amended, or the Exchange Act, except as shall be expressly set forth by specific reference in such a filing.

Company Information