San Felipe-Del Rio Consolidated Independent School District in Del Rio, Texas, said most of its in-network systems, including internet and phone service, went down following what it described as “suspicious e-mail activity,” though telephone service was restored and schools remained open.
In a March 19 update, the district said its technology team and a Regional Security Operations Center continued monitoring in-network systems for suspicious activity as crews worked to restore remaining internal services.
In its March 18 notice, the district said it detected suspicious email activity that afternoon and took immediate action with the Regional Security Operations Center, which it described as the district’s internet monitoring agency. It said telephone service was restored by the time of the release and it hoped remaining services would be restored late the following morning, though it did not provide a firm estimate for full restoration.
The Texas Department of Information Resources has described RSOCs as state-backed regional security operations centers hosted at public universities that provide monitoring and incident-response support for eligible local entities, including independent school districts.
In both statements, officials said schools would continue normal operations and they did not expect interruptions to classes. The district also said transportation services were not affected and would operate on a normal schedule.
The district’s notices did not describe the incident as ransomware or say whether any data was accessed or taken. The district has not said who was responsible, and no group has publicly claimed the incident. The district did not respond to an email from DysruptionHub seeking additional details.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
Aside from the district’s statements and reposts by local outlets, no additional details about the cause or scope of the disruption were publicly available.
San Felipe-Del Rio CISD serves about 9,875 students in and around Del Rio, a border city in Val Verde County.
In 2020, DataBreaches.net reported the district was targeted in a business email compromise scheme involving an electronic funds transfer sent to a fraudulent account instead of the intended recipient, highlighting how frequently schools are targeted through email-based fraud.
The limited disclosure in the current disruption follows a broader pattern in Texas school incidents, where districts describe operational impacts and recovery steps while withholding technical specifics as investigations and restoration work continue.
Recent examples include Valley View ISD, which told families it was responding to a “cybersecurity incident” affecting computer systems and phone lines while classes continued; Eanes ISD, where an early-December disruption was addressed publicly in broad terms as schools worked through connectivity issues; and Clarksville ISD, which reported a districtwide outage and advised staff and students to avoid network-connected devices as restoration work continued.
In each case, ransomware or leak-site claims later circulated online, but none of the districts publicly acknowledged the corresponding claims or provided details that would independently verify them. One district’s public explanation did not use cyber terminology, instead citing a power-related cause. The examples help explain why the public record in cases like this can remain thin: early updates prioritize continuity and safety, while districts and their advisers often limit technical specifics until restoration and forensics support firm conclusions.
San Felipe-Del Rio CISD has not said whether it plans to bring in outside forensics or law enforcement.
