Orangeburg County School District Issues Vendor Payment Notice
UPDATE 4/12/2021: In coordination with law enforcement and the forensic analysts, the investigation and report is scheduled to be released to our insurance provider on May 12, 2021, and checks will be issued the following week. For vendors who have already provided ACH or wire transfer information, payment will be remitted through that channel. OCSD is working hard to make sure that payments are remitted as soon as possible.
ORANGEBURG, SC — Orangeburg Count School District ("OCSD") is notifying district vendors of a data security incident. This incident has impacted the security of our financial systems and our ability to remit payments for submitted invoices, and the district is providing vendors with information regarding steps taken, and what will happen in the coming months.
OCSD immediately began an investigation after finding ransomware in its system, including hiring independent information security and technology ("I.T.") experts to assist with forensic investigation and incident response, and authorities were alerted to initiate a criminal investigation. Prelimiary findings show that this was an extension of the attack of the district's financial technologies provider. During the attack, an isolated group of servers and computers were encrypted, interrupting access to budgets, accounts, and payment processing systems. Together with forensic experts, the district terminated the cybercriminals' access to the distric's systems. However, the systems remain encrypted, limiting the district's ability to remit payments to vendors in the near-term.
OCSD is fully insured for cybersecurity threats, and a complete and thorough forensic investigation is well underway with an estimated completion date towards the end of March. Upon submission to our insurance provider, the district will be issuring payment requests so that checks can be sent to vendors to settle any outstanding invoices. Vendors should expect to receive checks during the first week of April.
What OCSD Is Doing
In addition to the I.T. security measures already in place, OCSD has upgraded its firewall firmware, added additional anti-virus and web-filtering software, instituted multifactor authentication, increased Wi-Fi network traffic monitoring, updated internal policies and procedures, and installed real-time intrusion detection and response software on all workstations and servers that access the district's network. OCSD is also assessing further options to enhance its protocols and controls, technology, and training.
OCSD's relationship with its vendors are extremely valuable, and the district hopes to continue its long-standing relationship of stability, trust, and promptness. We understand that, especially during these trying times, timely payments are more important than ever to maintain continuity in your business. OCSD is working hard to make sure that payments are remitted as soon as possible.
OCSD has a strong commitment to protect the relationship with its vendors, and is taking additional steps to enhance data security going forward. OCSD apologizes for any concern this situation has caused to its vendors. Although OCSD cannot provide additional details pertaining to this attack, payment status updates will be communicated through each vendor's point of contact (the employee who facilitated the purchasing process for your estimate and invoice).