When Evanston Township High School students walk through the doors on August 17, the familiar click of a working Chromebook or the smooth login to a class portal is no longer a given. In a July 16 email to families, Superintendent Marcus Campbell warned that the ongoing recovery from a June 7 ransomware attack means “some of the tools, processes, and timelines our families and staff have come to expect will not yet look or function as they have in the past.” Classes will resume, but the digital scaffolding of school life remains under reconstruction.

It is a blunt message from a district that has spent the summer triaging technology instead of refining lesson plans. The attack forced a two-day campus closure in early June, canceled summer programs, and triggered a months-long effort to review, reimage, or replace every district-issued device. Now, with the first day of school looming, ETHS is asking its community to brace for a semester that may feel less like a normal start and more like a phased technology rollout.

What Actually Changed

The ransomware strike disrupted internet services, phone systems, and computer infrastructure across the district. ETHS shut down buildings on June 8 and 9, as first reported by CBS Chicago and ABC7. Staff lost access to email, online platforms, and emergency communications. While the physical campus reopened after two days, the technology environment remained in pieces.

Internal recovery guidance obtained by the district reveals the depth of the disruption. Staff were ordered not to use their desktop workstations until cleared by the Information and Instructional Technology team. Every district-owned Windows and Mac laptop had to be turned in for review, reimaging, and security clearance. Employees received temporary devices while their assigned hardware was processed. The mandate left no room for shortcuts: a laptop that appeared functional could still harbor malicious persistence, risky browser sessions, or stale credentials, so the district erased doubt by wiping every endpoint.

Identity controls also received a hard reset. ETHS forced password changes for all staff Google accounts and barred reuse of previous passwords. Two-step verification remained mandatory. The district did not disclose whether these measures were in response to a confirmed credential compromise or were simply a conservative containment step, but the result is the same: no one is logging in with an old password.

At the data level, the picture remains murky. A district spokesperson told the Evanston RoundTable that external cybersecurity experts are still investigating whether attackers accessed any personal information. There are no definite findings yet, and ETHS will notify affected individuals only if the investigation determines that the law requires it. The district has not publicly attributed the attack to a specific threat group, confirmed data exfiltration, discussed a ransom demand, or said whether any payment was made.

What It Means for You

Families and Students

No re-enrollment is required. The district promises that back-to-school communications will explain any new processes and tools. But students and parents should prepare for unfamiliar workflows from day one. Campbell’s email hinted at “new technology platforms” and “updated back-to-school procedures,” though it did not specify which platforms are changing or whether the changes are permanent.

In practical terms, this could mean anything from a different learning management system to a redesigned parent portal. Services that families rely on for schedules, lunch payments, transportation, and grade tracking may return in phases, not all at once. If a digital process fails on the first day, the school will likely have manual alternatives, but parents should not be surprised by confusion or delays. The district is asking for patience while the new systems bed in.

The unresolved data investigation adds a layer of anxiety. There is no evidence yet that student or family records were stolen, but the possibility has not been ruled out. Parents should monitor official district updates and be prepared for a notification if the investigation’s conclusion changes. In the meantime, families should practice good cyber hygiene—watch for suspicious emails, avoid reusing school passwords elsewhere, and talk to students about not sharing credentials.

Teachers and Staff

For educators and administrators, the back-to-school experience will be a stark departure from routine. The device swap alone has likely consumed hours of work time, and many staff members will be teaching or managing operations on unfamiliar temporary laptops. Once their original devices are returned, they may need to reinstall software and reconfigure settings, all while running a classroom.

The password reset and forced two-factor authentication are security wins, but they also introduce friction. Every staff member who used a school email address for a third-party service now needs to update those logins. Lessons that depended on specific tools or cloud storage may need to be rebuilt if those services are not yet restored. Campbell’s email acknowledged these challenges without sugarcoating them: some timelines will not “look or function” normally.

IT Administrators at Other Schools

The ETHS case provides a real-world playbook for school IT teams. First, the district treated endpoint trust as a condition to be re-earned, not assumed. Rather than simply running antivirus scans, ETHS reimaged every device. That is a disruptive but defensible choice, because an attacker with a foothold on a single laptop can rarely be evicted with a scanner alone.

Second, the password reset across cloud accounts, combined with maintained multi-factor authentication, shows that identity was treated as a recovery boundary, not a separate problem. Other districts should note that ETHS did not wait for proof of credential theft before acting.

Third, the district communicated the disruption before the school year, rather than surprising families at registration. That transparency buys goodwill and reduces the chaotic support calls that can overwhelm a fragile IT team during the first week.

Finally, the investigation’s silence on attribution and data theft is a reminder that certainty comes slowly. School boards and leadership often face pressure to declare an incident resolved, but a premature statement can create legal and reputational risk if new facts emerge.

How We Got Here

The timeline is now etched into the district’s institutional memory. On June 7, a ransomware attack encrypted or disrupted systems across ETHS. The district closed campus operations on June 8 and 9, canceling summer school, sports camps, and other activities because it could not safely operate key services. CBS Chicago and ABC7 reported that phones and emergency communications were among the casualties.

By mid-June, the district had resumed on-site activities but warned that technology access remained limited. Staff were told that email, online platforms, and student information systems would be partially unavailable. The recovery project expanded quietly over the following weeks, shifting from incident response to a full-blown technology rebuild. On July 16, Campbell’s email made the consequences public, framing the summer work as both a restoration and a modernization effort.

Throughout July and early August, the district’s published cybersecurity incident page has been the primary source for status updates. It confirms that recovery work is ongoing and that normal access to systems has no firm restoration date. That page has not changed its core message since mid-July, suggesting that IT staff are racing an immovable deadline without a clear finish line.

What to Do Now

If You’re an ETHS Parent or Student

Check the district’s website and your email inbox regularly for back-to-school communications expected in the coming days. Look for official messages that name specific platforms, login procedures, and dates. If something looks unfamiliar, don’t assume it’s phishing—but verify through a known phone number before clicking any links.

Prepare your student for a transitional period. There may be analog workarounds for the first days, and the school’s tech support will likely be overwhelmed. Pack a notebook and pen while digital systems stabilize.

Guard your personal data. Even if the investigation ultimately finds no evidence of theft, treat the next few months as a higher-risk window. Monitor credit reports for your student if they have a Social Security number, and watch for unusual account activity.

If You’re an ETHS Staff Member

Follow the device-turn-in instructions to the letter. Using an uncleared laptop could retrigger a containment response and jeopardize the recovery timeline. If you’ve been issued a temporary device, treat it as your primary tool and report any suspicious behavior immediately.

Begin inventorying your cloud-connected workflows now. Which services did you link to your school Google account? Which files live only on your old device? Document those dependencies so that you can rebuild them efficiently once your cleared hardware is returned.

Be patient with the IT team. They have likely been working seven-day weeks since June. Your understanding will directly shape how smoothly the first weeks go for students.

If You’re an IT Administrator Elsewhere

Audit your endpoint trust model today. The ETHS reimaging requirement is extreme, but the principle applies universally: can you prove that every device on your network is clean, or are you relying on detective scans that may miss sophisticated persistence?

Review your incident communication plan. The silence from ETHS on certain details—ransom demand, threat actor, data theft—is legally cautious but also frustrating. A predefined template that tells stakeholders what you can and cannot disclose, and when, prevents ad hoc messaging under stress.

Test your cloud identity controls. A forced password reset for all staff is disruptive, but it can be scripted and communicated in advance. If you haven’t rehearsed a scenario where every user needs a new password and re-enrollment in MFA, schedule a tabletop exercise now. The back-to-school season leaves no margin for learning on the job.

Outlook

The first day of class on August 17 will be the most visible test of ETHS’s recovery, but the deeper story will play out over the following weeks. The success of new technology platforms and phased service restoration will depend on how well the district’s coming communications prepare users for what they’ll actually see. If families log in to find portals they don’t recognize, the help desk will be the new front line.

More quietly, the data investigation will reach its conclusion. Whether that means a clean bill of health or a wave of notification letters, the outcome will shape the district’s reputation long after the technology is rebuilt. ETHS has chosen to face the start of school with candor rather than false optimism. Now it must deliver on that promise—one device, one login, and one classroom at a time.