A South Carolina school district suffered a data breach that may have exposed personal information of over 31,000 people.
In a filing sent to the Maine Attorney General on August 29, School District Five of Lexington & Richland Counties, South Carolina, stated that a June 2025 data breach may have affected 31,475 individuals.
The exposed information likely includes:
- Current and former names
- Dates of birth
- Social Security numbers
- Financial account information
- State-issued ID info (driver’s license, passport, etc.)
According to a sample of the letter sent to the affected individuals by Akil E. Ross Sr., Superintendent of School District Five of Lexington & Richland Counties, the intrusion occurred on June 3.
On that day, the District noticed an incident involving its computer network.
“We engaged independent cybersecurity experts to assist with investigating and remediating our network. As a result of the investigation, we determined that some files were taken from the network by an external unauthorized individual,” Ross Sr. wrote.
School District Five of Lexington and Richland Counties operates a comprehensive educational system comprising 13 elementary schools, two intermediate schools, three middle schools, four high schools, one technical school and one alternative school.
The District serves approximately 27,000 students and employs a workforce of around 2450 staff members.
On June 5, local media outlet WISTV reported that bonuses for the District’s employees had been delayed due to the attack.
Free Credit Monitoring for Affected People
In the letter to affected individuals, Ross Sr. also explained that the District was offering free access to Single Bureau Credit Monitoring, a Single Bureau Credit Report and a Single Bureau Credit Score.
These services provide alerts for 12 months from the date of enrollment, notifying users the same day of any changes or updates occur in their credit file with the bureau.
The District is also offering $1m in identity theft insurance provided through CyberScout, a TransUnion-owned company specializing in fraud assistance and remediation.
Eligible individuals must enroll within 90 days of the date on their notice letter, which they had either already received or would receive by mail.
Claimed by Interlock Ransomware Group
The attack was claimed on June 24 by Interlock, a ransomware group that emerged in late 2024.
The group has claimed responsibility for numerous attacks on education organizations and local administrations since it began publishing victims' data on its data leak site, particularly in some of the Five Eyes countries (Australia, Canada, the UK, and the US) and Italy.
So far in 2025, Comparitech has recorded a total of 29 confirmed ransomware attacks on US schools, universities and other educational institutions.