School District Five of Lexington & Richland Counties in South Carolina suffered a ransomware attack in June 2025, claimed by the Interlock ransomware group. The breach exposed sensitive personal data of 31,475 individuals, including current/former students and employees. Compromised information includes full names, dates of birth, Social Security numbers, financial account details, and state-issued IDs (driver’s licenses, passports). The attack disrupted operations, delaying employee bonuses, and forced the district to engage cybersecurity experts for investigation and remediation. The district offered affected individuals 12 months of free credit monitoring, credit reports, and $1M in identity theft insurance via CyberScout (TransUnion). The breach underscores the growing threat to educational institutions, particularly from ransomware groups targeting Five Eyes nations (U.S., UK, Canada, Australia) and Italy. The stolen data was published on Interlock’s leak site, heightening risks of identity theft and financial fraud for victims.
Source: https://www.infosecurity-magazine.com/news/south-carolina-school-district/
TPRM report: https://www.rankiteo.com/company/lexrich5schools
"id": "lex0664206090625",
"linkid": "lexrich5schools",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': '31,475 individuals',
'industry': 'Education (K-12)',
'location': 'Lexington & Richland Counties, South '
'Carolina, USA',
'name': 'School District Five of Lexington & Richland '
'Counties',
'size': {'schools': '24 (13 elementary, 2 '
'intermediate, 3 middle, 4 high, 1 '
'technical, 1 alternative)',
'staff': '2,450',
'students': '27,000'},
'type': 'Public School District'}],
'customer_advisories': {'eligibility': 'Affected individuals (31,475 people)',
'enrollment_deadline': '90 days from notice letter '
'date',
'services_offered': ['Credit monitoring alerts '
'(same-day notifications)',
'Identity theft insurance']},
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '31,475',
'personally_identifiable_information': ['Names (current and '
'former)',
'Dates of birth',
'Social Security '
'numbers',
'State-issued ID info '
'(driver’s license, '
'passport)'],
'sensitivity_of_data': 'High (includes SSNs, financial data, '
'and state IDs)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data',
'State-Issued Identification']},
'date_detected': '2025-06-03',
'date_publicly_disclosed': '2025-08-29',
'description': 'A South Carolina school district suffered a data breach that '
'may have exposed personal information of over 31,000 people. '
'The intrusion occurred on June 3, 2025, and was claimed by '
'the Interlock ransomware group on June 24, 2025. The exposed '
'data includes names, dates of birth, Social Security numbers, '
'financial account information, and state-issued ID info. The '
'district is offering free credit monitoring and identity '
'theft insurance to affected individuals.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive student and '
'staff data',
'data_compromised': ['Current and former names',
'Dates of birth',
'Social Security numbers',
'Financial account information',
'State-issued ID info (driver’s license, '
'passport, etc.)'],
'identity_theft_risk': 'High (PII and financial data exposed)',
'operational_impact': 'Delayed employee bonuses',
'payment_information_risk': 'High (financial account information '
'exposed)',
'systems_affected': ['Computer network',
'Payroll system (bonuses delayed)']},
'initial_access_broker': {'high_value_targets': ['Payroll data',
'Student/Staff PII']},
'investigation_status': 'Ongoing (as of August 2025)',
'motivation': 'Likely financial (ransomware)',
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'Interlock'},
'references': [{'date_accessed': '2025-08-29',
'source': 'Maine Attorney General Breach Notice'},
{'date_accessed': '2025-06-05', 'source': 'WISTV News Report'},
{'date_accessed': '2025-06-24',
'source': 'Interlock Ransomware Group Leak Site'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Attorney '
'General (data breach '
'notification)']},
'response': {'communication_strategy': ['Notification letters to affected '
'individuals',
'Public disclosure via Maine Attorney '
'General filing',
'Media statements (e.g., WISTV '
'report)'],
'incident_response_plan_activated': True,
'remediation_measures': ['Investigation by cybersecurity experts',
'Network remediation'],
'third_party_assistance': ['Independent cybersecurity experts']},
'stakeholder_advisories': ['Free Single Bureau Credit Monitoring (12 months)',
'Single Bureau Credit Report and Score',
'$1M Identity Theft Insurance (via '
'CyberScout/TransUnion)'],
'threat_actor': 'Interlock Ransomware Group',
'title': 'Data Breach at School District Five of Lexington & Richland '
'Counties, South Carolina',
'type': ['Data Breach', 'Ransomware Attack']}