Infinite Campus DDoS attack impedes access to student data

The latest DDoS wave to strike the system is "50 times greater" than previous attacks.
Written by Charlie Osborne, Contributing Writer

Infinite Campus, one of the largest student information management systems used by schools in America, is coping with the latest in a string of Distributed Denial-of-Service (DDoS) attacks.

Infinite Campus is used by parents across the US to access their children's class schedules, attendance records, and grades.

Over the last week, Infinite Campus has borne the brunt of a DDoS attack which has prevented parents from using the portal -- and this has not been the first time the firm has been targeted.

In a statement, the company said the latest DDoS attack's "volume is 50 times greater and the duration is already 100 times longer than anything we've experienced before."

At the time of writing, the IT services provider's website is inaccessible.

CNET: Ajit Pai blames Obama administration over FCC DDoS attack that didn't happen

Parents and guardians have reported experiencing limited or no access to student information through the service. However, Infinite Campus is keen to emphasize that no student data has been compromised or stolen during the attack.

Oklahoma City Public Schools (OKCPS), which caters for roughly 45,000 students, is among those impacted by the DDoS attack.

"Access to your student's information through the parent portal may be limited or inaccessible due to the "denial of service" attack on our provider, Infinite Campus," OKCPS said. "Please note that NO student data was stolen or breached. This attack just causes the service to be very slow or unresponsive. Many districts across the country are impacted and authorities are investigating."

TechRepublic: Simple ways to avoid malware on all your devices

The latest DDoS attack began on September 17, striking "multiple customers and data centers," according to the company.

Infinite Campus was able to fend off the initial DDoS wave, but then the individuals behind the campaign changed up their tactics and decided to go after the company's DNS provider instead to continue disrupting the portal.

See also: Woman pleads guilty to hacking police surveillance cameras

According to Infinite Campus, other businesses and organizations are now also being affected due to the change in attack vector.

The company added that its data centers are "frequently under attack from a variety of sources."

Homeland Security is now investigating the matter and Infinity Campus has hired security experts in a bid to track down those responsible.

It is not known who may be responsible for the DDoS campaign.

Recent research suggests that students may be behind many of the DDoS attacks educational establishments suffer, with incidents surging during term time and dropping during the holidays.

The worst cyberattacks undertaken by nation-state hackers

Previous and related coverage

Editorial standards