Grandview School District, Alamo Heights ISD and Nelson University: Grandview School District warns 9,000+ people of data breach 21 months later

Grandview School District, Alamo Heights ISD and Nelson University: Grandview School District warns 9,000+ people of data breach 21 months later

Grandview School District Confirms 2024 Data Breach Impacting 9,414 Individuals

Grandview School District in Washington disclosed a September 2024 data breach affecting 9,414 individuals, exposing sensitive personal information, including names, Social Security numbers, student ID numbers, financial account details, health-related data, state-issued IDs, and dates of birth.

The breach was first detected on October 8, 2024, when the district reported an internal server disruption disrupting phone and internet services. However, victims were not notified until 21 months later far exceeding the average four-month notification window for most organizations. The delay in disclosure remains unexplained.

On November 27, 2024, the ransomware group BlackSuit claimed responsibility for the attack, stating it had stolen employee and student files. Grandview has not confirmed BlackSuit’s involvement, and key details such as whether a ransom was paid, the attackers’ entry point, or the ransom demand remain undisclosed. The district’s investigation revealed unauthorized access to its systems between September 28 and October 8, 2024.

As part of its response, Grandview is offering affected individuals 12 months of free credit monitoring through CyberScout, with enrollment open for 90 days from the notice date. Only individuals aged 18 or older are eligible.

About BlackSuit
BlackSuit, a ransomware gang active since April 2023, has targeted critical sectors, including healthcare, government, and education. Unlike ransomware-as-a-service operations, BlackSuit operates independently, extorting victims for both decryption keys and to prevent data leaks. The group has claimed 177 attacks, with 72 confirmed by targeted organizations. Prior education sector victims include Select Education Group (67,097 records, November 2023), DePauw University (25,981 records, October 2023), and Community High School District 117 (18,830 records, June 2024).

Broader Impact on Education
Ransomware attacks on U.S. schools have surged, with 83 confirmed incidents in 2024 compromising 3.72 million records. In 2025, researchers logged 56 attacks, with 12 more in early 2026. Recent breaches include Alamo Heights ISD (26,629 records, March 2026), Nelson University (22,000 records, May 2025), and Bellflower Unified School District (August 2025), where Rhysida demanded a $1.15 million ransom.

Such attacks disrupt critical operations from attendance tracking and grading to payroll and communications while exposing students and staff to fraud risks. Schools that refuse ransom demands may face prolonged downtime and permanent data loss.

About Grandview School District
Serving 3,644 students, the district operates three elementary schools, a middle school, a high school, and a learning center.

Source: https://www.comparitech.com/news/grandview-school-district-warns-9000-people-of-data-breach-21-months-later/

Nelson cybersecurity rating report: https://www.rankiteo.com/company/nelson-education

Grandview School District #200 cybersecurity rating report: https://www.rankiteo.com/company/grandview-school-district-200

Los Alamos Public Schools cybersecurity rating report: https://www.rankiteo.com/company/los-alamos-public-schools

"id": "NELGRALOS1782412398",
"linkid": "nelson-education, grandview-school-district-200, los-alamos-public-schools",
"type": "Ransomware",
"date": "9/2024",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '9,414 individuals',
                        'industry': 'Education',
                        'location': 'Washington, USA',
                        'name': 'Grandview School District',
                        'size': '3,644 students',
                        'type': 'Educational Institution'}],
 'customer_advisories': '12 months of free credit monitoring offered to '
                        'affected individuals aged 18+ (enrollment open for 90 '
                        'days).',
 'data_breach': {'data_exfiltration': 'Yes (claimed by BlackSuit)',
                 'number_of_records_exposed': '9,414',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (PII, financial, and health '
                                        'data)',
                 'type_of_data_compromised': ['Names',
                                              'Social Security numbers',
                                              'Student ID numbers',
                                              'Financial account details',
                                              'Health-related data',
                                              'State-issued IDs',
                                              'Dates of birth']},
 'date_detected': '2024-10-08',
 'date_publicly_disclosed': '2024-11-27',
 'description': 'Grandview School District in Washington disclosed a September '
                '2024 data breach affecting 9,414 individuals, exposing '
                'sensitive personal information, including names, Social '
                'Security numbers, student ID numbers, financial account '
                'details, health-related data, state-issued IDs, and dates of '
                'birth. The ransomware group BlackSuit claimed responsibility '
                'for the attack.',
 'impact': {'brand_reputation_impact': 'Likely negative impact due to delayed '
                                       'disclosure and data exposure',
            'data_compromised': '9,414 records',
            'identity_theft_risk': 'High (exposure of SSNs, financial data, '
                                   'and PII)',
            'operational_impact': 'Disruption of phone and internet services, '
                                  'delayed notifications',
            'payment_information_risk': 'High (financial account details '
                                        'exposed)',
            'systems_affected': 'Internal servers, phone and internet '
                                'services'},
 'investigation_status': 'Ongoing',
 'motivation': 'Extortion, Data Theft',
 'post_incident_analysis': {'root_causes': 'Unauthorized access between '
                                           'September 28 and October 8, 2024. '
                                           'Delayed detection and response.'},
 'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'BlackSuit'},
 'recommendations': 'Improve incident response timelines, enhance monitoring '
                    'for unauthorized access, and consider proactive '
                    'ransomware defenses.',
 'references': [{'source': 'Grandview School District Disclosure'},
                {'source': 'BlackSuit Ransomware Group Claim'}],
 'response': {'communication_strategy': 'Delayed notification (21 months after '
                                        'detection)',
              'third_party_assistance': 'CyberScout (credit monitoring)'},
 'threat_actor': 'BlackSuit',
 'title': 'Grandview School District 2024 Data Breach',
 'type': 'Data Breach, Ransomware'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.