K12 Inc. said late Monday it was a recent victim of cybercriminals and has agreed to pay a ransom while a forensics team investigates the extent of the breach.
said it detected unauthorized activity on its network, which was later confirmed as a cyberattack in the form of ransomware, or when a hacker freezes, or threatens to freeze, or release a compromised system’s digital assets until a ransom is paid. The online learning site said it has already made plans to pay the unspecified ransom after consulting with its insurance provider as a proactive step to prevent its information from being released on the internet.
“While there is always a risk that the threat actor will not adhere to negotiated terms, based on the specific characteristics of the case, and the guidance we have received about the attack and the threat actor, we believe the payment was a reasonable measure to take in order to prevent misuse of any information the attacker obtained,” K12 said in a statement.
K12 is having an unspecified third-party forensics team investigating the breach, which affected “certain parts of our corporate back-office systems, including some student and employee information on those systems,” but that it will take time to find out what exactly was affected.
The company said its name will officially change to “Stride Inc.” on Dec. 16 but still retain its current ticker.
Back in October, K12 reported a surprise profit for its first fiscal quarter, topping Wall Street estimates, as the COVID-19 pandemic has forced millions to online learning. Shares closed down 1.8% Monday at $23.33, and were up 0.3% after hours.