NORMAN, Okla. (KFOR) – It appears a ransomware attack on Norman Public Schools from earlier this month was done by a well-known hacking group that has earned millions in extortion deals.

The group is called Hive.

Law enforcement groups, including the FBI, said Hive has “victimized over 1,300 companies worldwide, receiving approximately US$100 million in ransom payments.”

Local media outlets received an email from the hackers this week.

It detailed the contents of the hack.

An anonymous representative of Hive said the group stole:

  • Contracts, NDA and other agreements
  • Budgets, plans, evaluations
  • Employee and student info, including social security numbers, emails, addresses, phone numbers, insurance info

The group said they “offered to protect this data and keep this incident private,” but now they are going public.  

It appears Hive is trying to collect money from Norman Public Schools.

“We haven’t received any offer from them, also we haven’t seen any intention from NPS management to make a deal,” said the email.

On Wednesday, NPS released a statement to their district acknowledging that social security numbers could have been impacted by the ransomware attack.

“If provided to NPS for this year’s enrollment, Social Security numbers of students were also potentially impacted,” said NPS in their statement. The full statement can be read here.

When the school first learned of the ransomware attack, Wes Moody, Public Information Officer for Norman Public Schools said it “will be a significant disruption.”

This week the school district is telling parents and staff that it is “offering identity theft protection services to all potentially impacted individuals for twelve months.”

NPS said the services will be available starting next week.