SAN BENITO — The San Benito school district’s former technology director is appealing his termination following a cyber extortion ring’s breach of the computer system that’s left more than 20,000 employees’ and students’ personal information open for theft on the dark web.
Last week, Todd English filed his appeal days after the school board voted to fire him without cause following his grievance hearing, his attorney John Shergold said.
“The truth will come out — it always does,” Shergold said Tuesday.
Grievance claim
After a Feb. 16 closed-door meeting, school board members voted to fire English without cause after rejecting Shergold’s request made under the Texas Open Meetings Act to publicly present the grievance before the meeting’s audience.
In his grievance, English claims Servellon suspended him on Nov. 15 for reporting the cyberattack to her and district Police Chief Juan Sosa on Nov. 3, Shergold said.
English, who discovered the breach on Nov. 1, also contacted the FBI, he said.
Meanwhile, district spokeswoman Isabel Gonzalez has dismissed English’s allegations as “fictitious claims.”
”Mr. English responded by filing an employee grievance against the district which nonsensically implies that he was ‘retaliated against’ for reporting the incident to Chief Juan Sosa of the San Benito CISD police department,” Gonzalez stated in a previous statement.
“As a matter of policy, the district generally does not provide specific information regarding personnel matters,” Gonzalez stated. “However, given that Mr. English has shared his grievance publicly, the district feels compelled to unequivocally state that his fabricated accusations are wholly untrue and meritless.”
Appeal filed
On Feb. 20, English, who had served as the district’s technology director for more than a year, appealed the school board’s decision.
“If the school district does not reinstate Mr. English, he’ll have his day in court,” Shergold said. “The facts will come out in front of a jury.”
Meanwhile, Gonzalez stated officials decline comment on “personnel matters.”
Breach timetable disputed
On Tuesday, Shergold said English disputed the district’s information detailing the technology system’s initial breach.
In December, district officials stated they discovered the security breach on Nov. 1.
At the time, Cameron County District Attorney Luis Saenz confirmed the Karakurt cyber data extortion group’s “really sophisticated hack” breached the district’s technology network.
Following their investigation, district officials found the hackers first breached the technology system on April 8.
“It was determined that an unauthorized party gained access to the district’s network and took certain files from the district’s servers prior to Nov. 1,” Leonila Pena, the district’s executive director of student support services, told the school board during a presentation into the investigation’s findings in January.
“The unauthorized cybercriminals intermittently accessed our network between April 8, 2022, and Oct. 10, 2022,” she said.
On Tuesday, Shergold said district officials were “incorrect.”
“Mr. English denies that assertion 100 percent. The district publicly announced the attack did not occur until Nov. 1, 2022,” he said, referring to the district’s initial report.
Background
The hackers placed the district’s stolen data including Social Security numbers and bank account information on their website in the dark web, Pena said.
On a government website, the FBI and the Cybersecurity and Infrastructure Security Agency warn Karakurt places its stolen personal information on the dark web, where the group makes it openly available.
During his investigation, Saenz described the security breach as the biggest his office has probed, involving the first school district.
The breach led to the theft of current and former employees’ personal information along with students’ confidential data, officials said.
On Dec. 30, district officials began mailing 21,653 letters to victims’ last-known addresses, including those of 12,080 children after identifying them, Gonzalez stated.
Citing the law, Lynn Sessions, an attorney with Houston-based Baker Hostetler, told school board members the district had 60 days to notify victims, starting Dec. 16.
Officials have taken steps to bolster the district’s cybersecurity, Pena said.
