A ransomware gang called Inc over the weekend took credit for a last month’s cyber attack on the Valley View Independent School District in Hidalgo County, Texas.
The district on November 10 confirmed a cyber attack impacted its computer systems and phone lines.
In a post on its data leak website, Inc said it stole 68 GB of data in the attack on November 29, 2025. Inc gave Valley View about two weeks to pay an undisclosed sum in ransom. To prove its claim, Inc posted images of what it says are documents stolen from the district.
Valley View Independent School District has not verified Inc’s claim. We do not know how much Inc demanded in ransom, how attackers breached the district’s network, or what data was compromised. Comparitech contacted district officials for comment and will update this article if it replies.
“We want to inform you that our district is currently experiencing a cybersecurity incident that has affected our computer systems and phone lines. Please know that all students and staff are safe, and classes are continuing as normal,” says the district’s November 10 Facebook post.
Who is Inc?
Inc is a ransomware gang that first emerged in the middle of 2023 and has since targeted a wide range of victims in healthcare, education, and government. Its methods include spear phishing and exploiting known vulnerabilities in software. Inc employs a double-extortion scheme in which it both steals data and locks up infected systems, forcing victims to pay both for s
South Texas ISD cybersecurity rating report: https://www.rankiteo.com/company/south-texas-isd
"id": "SOU1764620017",
"linkid": "south-texas-isd",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'incident': {'affected_entities': [{'customers_affected': None,
'industry': 'education (K-12)',
'location': 'Hidalgo County, Texas, USA',
'name': 'Valley View Independent School '
'District',
'size': None,
'type': 'educational institution'}],
'customer_advisories': 'Public Facebook post on November 10, '
'2025, acknowledging the incident and '
'assuring safety of students/staff.',
'data_breach': {'data_encryption': None,
'data_exfiltration': '68 GB (claimed by Inc, '
'unverified)',
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': None,
'sensitivity_of_data': None,
'type_of_data_compromised': None},
'date_detected': '2025-11-10',
'date_publicly_disclosed': '2025-11-10',
'description': "The ransomware gang 'Inc' claimed responsibility "
'for a cyber attack on Valley View Independent '
'School District (Hidalgo County, Texas) in '
'November 2025. The gang allegedly stole 68 GB of '
'data and employed a double-extortion scheme, '
'demanding an undisclosed ransom. The district '
'confirmed a cybersecurity incident on November '
'10, 2025, affecting its computer systems and '
'phone lines, but has not verified Inc’s claims '
'about the data theft or ransom demand. Classes '
'continued as normal, and no details were '
'provided on the breach method or compromised '
'data.',
'impact': {'brand_reputation_impact': 'potential reputational '
'damage due to public '
'disclosure of cyber '
'attack',
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': '68 GB (claimed by Inc, '
'unverified)',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': None,
'legal_liabilities': None,
'operational_impact': 'disruption to IT and '
'communication systems (phone '
'lines and computers)',
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': ['computer systems',
'phone lines']},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'ongoing (district has not verified '
'Inc’s claims; details on breach method '
'and compromised data unknown)',
'motivation': 'financial gain (ransom)',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': '68 GB (claimed)',
'ransom_demanded': 'undisclosed (two-week '
'deadline given by Inc)',
'ransom_paid': None,
'ransomware_strain': 'Inc'},
'references': [{'date_accessed': None,
'source': 'Comparitech',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'public announcement via '
'Facebook (November 10, '
'2025) confirming the '
'incident and assuring '
'safety of students/staff',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': 'Inc Ransomware Gang',
'title': 'Ransomware Attack on Valley View Independent School '
'District by Inc Gang',
'type': ['ransomware', 'data breach']}}