Muscogee County School District

The Muscogee County School District in Georgia experienced a ransomware attack in December 2024, attributed to the SafePay ransomware gang. The breach compromised current and former employees’ sensitive data, including names, Social Security numbers, and bank account numbers, affecting 34,056 individuals. SafePay claimed to have stolen 382 GB of data, though the district has not verified the full extent of the theft. The attack was detected on December 26, 2024, with unauthorized access occurring between December 12 and December 26, 2024. The district began issuing data breach notifications in February 2025, offering affected individuals free credit monitoring and identity theft restoration via Kroll. SafePay, a LockBit-based ransomware group, employs double extortion, demanding payment for both system restoration and data deletion. While the ransom amount (if paid) remains undisclosed, the attack ranks as the 10th-largest in 2024 by records compromised among US educational institutions. The incident highlights the growing threat of ransomware targeting public school districts, with SafePay alone responsible for six confirmed attacks on educational entities since late 2024.

Source: https://www.comparitech.com/news/muscogee-county-school-district-notifies-34k-of-data-breach-that-leaked-employee-ssns-financial-info/

TPRM report: https://www.rankiteo.com/company/muscogee-county-school-district

"id": "mus508082225",
"linkid": "muscogee-county-school-district",
"type": "Ransomware",
"date": "12/2024",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': '34,056 (current and former '
                                              'employees)',
                        'industry': 'Education (K-12)',
                        'location': 'Columbus, Georgia, USA',
                        'name': 'Muscogee County School District',
                        'size': '5,500+ employees, 30,000+ students, 56 '
                                'schools/centers',
                        'type': 'Public School District'}],
 'customer_advisories': 'Free credit monitoring and identity theft restoration '
                        'offered via Kroll',
 'data_breach': {'data_exfiltration': 'Yes (382 GB claimed by SafePay)',
                 'number_of_records_exposed': '34,056',
                 'personally_identifiable_information': ['Names',
                                                         'Social Security '
                                                         'Numbers',
                                                         'Bank Account '
                                                         'Numbers'],
                 'sensitivity_of_data': 'High (SSNs, bank account numbers)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Financial Data']},
 'date_detected': '2024-12-26',
 'date_publicly_disclosed': '2025-02',
 'description': 'The Muscogee County School District in Georgia confirmed a '
                'data breach in December 2024 that compromised current and '
                'former employees’ names, Social Security numbers, and bank '
                'account numbers. Ransomware gang SafePay claimed '
                'responsibility, stating it stole 382 GB of data. The district '
                'notified 34,056 affected individuals in February 2025 and is '
                'offering free credit monitoring and identity theft '
                'restoration via Kroll.',
 'impact': {'brand_reputation_impact': 'High (Public disclosure of sensitive '
                                       'employee data, potential loss of '
                                       'trust)',
            'data_compromised': ['Names',
                                 'Social Security Numbers',
                                 'Bank Account Numbers'],
            'identity_theft_risk': 'High (SSNs and bank account numbers '
                                   'exposed)',
            'payment_information_risk': 'High (Bank account numbers '
                                        'compromised)'},
 'initial_access_broker': {'high_value_targets': ['Employee PII',
                                                  'Financial Data'],
                           'reconnaissance_period': 'Potential activity '
                                                    'between 2024-12-12 and '
                                                    '2024-12-26'},
 'investigation_status': 'Ongoing (as of 2025-02; district has not confirmed '
                         'SafePay’s 382 GB claim)',
 'motivation': ['Financial Gain (Ransom)', 'Data Theft for Extortion'],
 'ransomware': {'data_exfiltration': 'Yes (382 GB claimed)',
                'ransomware_strain': 'LockBit-based (used by SafePay)'},
 'references': [{'source': 'Comparitech'},
                {'date_accessed': '2025-02',
                 'source': 'Muscogee County School District Breach Notice'}],
 'response': {'communication_strategy': 'Public disclosure via breach notices '
                                        '(February 2025), media statements',
              'incident_response_plan_activated': 'Yes (Investigation launched '
                                                  'after detecting suspicious '
                                                  'activity on 2024-12-26)',
              'third_party_assistance': ['Kroll (credit monitoring and '
                                         'identity theft restoration)']},
 'stakeholder_advisories': 'Breach notices sent to 34,056 affected individuals '
                           '(February 2025)',
 'threat_actor': 'SafePay',
 'title': 'Muscogee County School District Data Breach (December 2024)',
 'type': ['Data Breach', 'Ransomware Attack']}