What happened
Evanston Township High School (ETHS) District 202 in Illinois has been impacted by a ransomware attack that disrupted access to district systems, internet services, and computer infrastructure. The incident was discovered on June 7, prompting the district to activate its incident response procedures and engage external cybersecurity experts and legal counsel specializing in cyber breaches.
As a result of the attack, ETHS closed the campus on June 8 and June 9, canceling all summer school classes, sports camps, and other on-campus activities scheduled during that period. District officials said they are working to determine whether any information was accessed or acquired while restoring normal operations. The district is also cooperating with the FBI as part of the ongoing investigation.
The full scope of the incident has not yet been disclosed, and the district continues to provide updates as recovery efforts progress.
Who is affected
The disruption affects students, parents, faculty, staff, and summer program participants across the district. Summer school classes and athletic camps were canceled, while access to online resources and school systems has been significantly limited.
District phone systems became unavailable, and staff members experienced restricted access to email and network resources. According to the district, employees were instructed to work remotely where possible, and password resets were implemented as a precautionary security measure. Families also faced disruptions accessing educational tools and student information platforms.
Why CISOs should care
The ETHS incident highlights how ransomware attacks continue to affect organizations beyond traditional enterprise targets. Educational institutions remain attractive targets because they manage large volumes of sensitive data while often operating with limited cybersecurity resources.
The attack also demonstrates how cyber incidents can rapidly disrupt core operations. In this case, educational services, communications systems, and extracurricular programs were all affected within hours of the attack’s discovery.
For CISOs, the event serves as another reminder that operational continuity planning is just as important as threat prevention. Organizations need clear response procedures, external incident-response partnerships, and tested recovery plans that can be activated immediately when critical systems become unavailable.
3 practical actions
- Review ransomware readiness plans and validate that business continuity procedures can support critical operations during prolonged outages.
- Test communication alternatives to ensure employees, customers, and stakeholders can receive updates if email and phone systems become unavailable.
- Conduct recovery exercises involving executive leadership, IT teams, legal counsel, and external incident-response partners to identify gaps before a real-world attack occurs.
