North Georgia Christian Academy, a private Christian school in Ellijay, Georgia, suffered a ransomware attack on April 29, 2025, orchestrated by the group SAFEPAY. The attackers exfiltrated 28 GB of sensitive data, including names, dates of birth, driver’s license numbers, Social Security numbers, and medical information, which was later leaked on the dark web (May 17, 2025). The breach was discovered only after a prolonged investigation (confirmed October 31, 2025), with notifications sent to affected individuals on November 18, 2025. The exposed data poses severe risks of identity theft, financial fraud, and long-term privacy violations for students, staff, and associated individuals. The school offered identity theft protection services, but the breach’s scale and sensitivity of the leaked data particularly SSNs and medical records heighten the potential for widespread harm, including fraudulent account openings, medical identity theft, and targeted phishing scams. Legal firms are pursuing class-action lawsuits for compensation, citing negligence in safeguarding personal data.
Source: https://www.claimdepot.com/investigations/north-georgia-christian-academy-data-breach-2025
Endeavor Schools cybersecurity rating report: https://www.rankiteo.com/company/endeavor-schools
"id": "END3215232112525",
"linkid": "endeavor-schools",
"type": "Ransomware",
"date": "4/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Education (K-12)',
'location': 'Ellijay, Georgia, USA',
'name': 'North Georgia Christian Academy',
'type': 'Private Educational Institution'}],
'attack_vector': 'Ransomware',
'customer_advisories': 'Notification letters mailed to impacted individuals '
'on 2025-11-18, advising them of the breach and '
'offering identity theft protection services.',
'data_breach': {'data_exfiltration': 'Yes (28 GB of data exfiltrated and '
'posted on the dark web)',
'personally_identifiable_information': ['Names',
'Dates of birth',
"Driver's license "
'numbers',
'Social Security '
'numbers'],
'sensitivity_of_data': "High (includes SSNs, driver's license "
'numbers, and medical records)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Medical Information']},
'date_detected': '2025-10-31',
'date_publicly_disclosed': '2025-11-18',
'description': 'North Georgia Christian Academy, a private Christian school '
'in Ellijay, Georgia, experienced a ransomware attack '
'allegedly carried out by the SAFEPAY group. The attackers '
'claimed to have exfiltrated 28 GB of sensitive data, '
'including personally identifiable information (PII) such as '
"names, dates of birth, driver's license numbers, Social "
'Security numbers, and medical information. The breach was '
'discovered on October 31, 2025, after an investigation with '
'external cybersecurity professionals. The stolen data was '
'later posted on the dark web on May 17, 2025. Affected '
'individuals were notified via mail on November 18, 2025.',
'impact': {'brand_reputation_impact': 'High (potential loss of trust due to '
'exposure of sensitive student and '
'staff data)',
'data_compromised': ['Names',
'Dates of birth',
"Driver's license numbers",
'Social Security numbers',
'Medical information'],
'identity_theft_risk': "High (exposure of SSNs, driver's license "
'numbers, and medical information)',
'legal_liabilities': 'Potential (lawsuits filed by affected '
'individuals seeking compensation)'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes (28 GB of data posted '
'on the dark web on '
'2025-05-17)'},
'investigation_status': 'Completed (external investigation concluded; '
'notifications sent to affected individuals)',
'motivation': 'Financial (ransomware extortion)',
'ransomware': {'data_exfiltration': 'Yes (28 GB of data exfiltrated)'},
'recommendations': ['Sign up for free identity theft protection services if '
'offered by North Georgia Christian Academy.',
'Monitor financial accounts carefully for suspicious '
'activity or unauthorized transactions.',
'Place a fraud alert on credit reports to prevent '
'unauthorized account openings.',
'Request free annual credit reports from major credit '
'bureaus.',
'Seek legal help to understand rights and pursue '
'compensation if affected.'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'}],
'regulatory_compliance': {'legal_actions': 'Potential (class action lawsuits '
'being investigated by Shamis & '
'Gentile P.A.)'},
'response': {'communication_strategy': 'Notification letters mailed to '
'affected individuals on 2025-11-18; '
'offer of free identity theft '
'protection services',
'incident_response_plan_activated': 'Yes (investigation '
'conducted with external '
'cybersecurity '
'professionals)',
'third_party_assistance': 'Yes (external cybersecurity '
'professionals involved)'},
'threat_actor': 'SAFEPAY',
'title': 'North Georgia Christian Academy Data Breach and Ransomware Attack',
'type': ['Data Breach', 'Ransomware Attack']}