DC-area school system says data of 100,000 people affected in ransomware attack

A school district in the Washington, D.C., suburbs says the personal information of nearly 100,000 people was breached by a ransomware gang right before classes started in the fall.

Prince George’s County Public Schools (PGCPS) finished its review of the incident earlier this year, according to a February 16 regulatory filing, and determined that “personal information was included in the potentially impacted data set.”

The ransomware attack, discovered August 14 last year and publicly reported soon afterward, resulted in a network outage for the Maryland district, which serves about 130,000 students.

“The information present in the files that may have been viewed or acquired as a result of this incident varies per person, and includes individuals’ names, financial account information, and Social Security Number,” PGCPS said.

The attack began as early as August 3, the school district said. In November, reports said the Rhysida ransomware gang had posted PGCPS data to its leak site.

In total, 99,543 people were affected in the August breach, according to the regulatory filing. The paperwork does not mention any specific cybercrime group.

Cyberattacks on K-12 school systems nationwide continue to be in the news, even as analysts say the overall number of ransomware incidents seems to be decreasing. Last week the Middletown Area School District in Pennsylvania reported an incident, and earlier in February the Central School District 13J in Oregon had to cancel classes because of a cyberattack.