In March 2025, Cherokee County School District (CCSD) suffered a ransomware attack by the Interlock group, compromising the personal data of 46,119 individuals, including students, parents, and staff. The breach exposed highly sensitive information such as Social Security numbers, driver’s license numbers, passport numbers, financial account details, and health data. The attackers, Interlock, claimed to have stolen 624 GB of data, including tax documents, employee records, and financial information, causing widespread network disruptions for two weeks. The incident marks the largest ransomware-driven data breach in the US education sector this year, surpassing previous attacks like School District Five of Lexington and Richland Counties (31,475 affected). While CCSD restored its IT systems, the long-term risks—such as identity theft, financial fraud, and reputational damage—remain severe. The district offered multi-year credit monitoring via TransUnion to affected individuals. Interlock, active since October 2024, has targeted eight education providers in 2025 alone, stealing 56 TB of data across 28 confirmed attacks and impacting nearly 4.5 million records globally.
TPRM report: https://www.rankiteo.com/company/cherokee-county-schools
"id": "che3332533090925",
"linkid": "cherokee-county-schools",
"type": "Ransomware",
"date": "10/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '46,119 individuals',
'industry': 'education (K-12)',
'location': 'Cherokee County, South Carolina, USA',
'name': 'Cherokee County School District (CCSD)',
'size': '~8,000 students; 9 elementary schools, 3 '
'middle schools, 2 high schools',
'type': 'public school district'}],
'attack_vector': 'ransomware',
'customer_advisories': ['complimentary multi-year credit monitoring via '
'TransUnion'],
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'file_types_exposed': ['documents', 'databases (likely)'],
'number_of_records_exposed': '46,119',
'personally_identifiable_information': True,
'sensitivity_of_data': 'high (includes SSNs, financial info, '
'health data)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'financial data',
'health data',
'tax documents',
'employee records']},
'date_detected': '2025-03-15',
'description': 'Cherokee County School District (CCSD) suffered a ransomware '
'attack on March 15, 2025, leading to a data breach affecting '
'46,119 individuals. The compromised data includes names, '
'Social Security numbers, driver’s license numbers, passport '
'numbers, financial account information, and certain health '
'data. The attack, claimed by the ransomware group Interlock, '
'resulted in the theft of 624 GB of data, including tax '
'documents, employee data, and financial information. The '
'incident caused widespread disruptions across the district’s '
'network for approximately two weeks. CCSD engaged law '
'enforcement and IT security experts to restore operations and '
'is offering complimentary credit monitoring services to '
'affected individuals.',
'impact': {'brand_reputation_impact': 'potential reputational damage due to '
'largest education sector breach of the '
'year',
'data_compromised': ['names',
'Social Security numbers',
'driver’s license numbers',
'passport numbers',
'financial account information',
'health data',
'tax documents',
'employee data'],
'downtime': '2 weeks',
'identity_theft_risk': 'high (due to exposure of PII and financial '
'data)',
'operational_impact': 'widespread disruptions across the '
'district’s network',
'payment_information_risk': 'high (financial account information '
'compromised)',
'systems_affected': ['district’s IT network']},
'initial_access_broker': {'high_value_targets': ['tax documents',
'employee data',
'financial information']},
'investigation_status': 'ongoing (assessing impacted records)',
'motivation': 'financial gain (ransom demand)',
'ransomware': {'data_encryption': True, 'data_exfiltration': True},
'references': [{'source': 'Cherokee County School District Public Statement'},
{'source': 'Cybersecurity News Report on Interlock Ransomware '
'Attacks'}],
'response': {'communication_strategy': ['public statement',
'direct engagement with affected '
'individuals',
'credit monitoring services via '
'TransUnion'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['IT environment essentially fully '
'restored'],
'remediation_measures': ['engaged IT security experts',
'restored IT environment'],
'third_party_assistance': ['federal law enforcement',
'state law enforcement',
'leading IT security experts']},
'stakeholder_advisories': ['direct engagement with affected CCSD community '
'members'],
'threat_actor': 'Interlock',
'title': 'Cherokee County School District Data Breach via Ransomware Attack',
'type': ['data breach', 'ransomware attack']}