Bellflower Unified School District in Los Angeles last week confirmed it notified an undisclosed number of people about an August 2025 data breach that compromised Social Security numbers and other private info.
The cyberattack began in early August 2025 and rendered many of the district’s network services temporarily inoperable.
On October 28, 2025, a cybercriminal group called Rhysida took credit for the breach and demanded 10 bitcoin in ransom, worth about $1.15 million at the time.
Bellflower Unified School District has not acknowledged Rhysida’s claim and Comparitech cannot independently verify its authenticity. We do not know if the district paid a ransom or how attackers breached its network. Comparitech contacted the district for comment and will update this article if it replies.
The district began sending notice letters to breach victims on June 12, 2026, according to a disclosure published by the California attorney general.
“The District determined that certain historical information stored in the impacted directory included sensitive information that could have been compromised,” says an update on the district’s website.
“For reference, current student data is stored in Aeries, which was not impacted by the incident; however, there was evidence of impact on certain historical student, parent, and employee data stored on an impacted server.”
Bellflower is offering breach victims free credit monitoring through Iris Identity Protection. The deadline to enroll is 90 days from the date on the notice letter.
Who is Rhysida?
Rhysida is a cybercriminal group that first surfaced in May 2023. Its ransomware can steal data and lock down targeted systems. It then demands a ransom both for deleting stolen data and for a key to restore infected devices. Rhysida operates a ransomware-as-a-service business in which affiliates pay Rhysida to use its malware and infrastructure to launch attacks and collect ransoms.
In 2025, Rhysida claimed responsibility for 92 ransomware attacks. Of those, 27 were confirmed by the organizations it targeted.
Rhysida hit two other schools around the same time as Bellflower:
- Collège Supérieur de Montréal in Canada reported an October 2025 data breach for which Rhysida demanded $430,000
- Yokosuka Gakuin Elementary School in Japan reported a December 2025 data breach for which Rhysida demanded $519,000
In 2026 to date, Rhysida has taken credit for 10 more attacks, two of which have been confirmed so far. They include German tech company Elabs AG and Canadian manufacturer STELIA Aerospace.
Ransomware attacks on US education
Comparitech researchers logged 56 confirmed ransomware attacks on US schools, colleges, and other educational institutions in 2025. Those attacks compromised more than 4 million records.
In addition to Bellflower, Nelson University also started issuing data breach notices this week. It’s now notified nearly 22,000 people of a May 2025 data breach claimed by the Qilin ransomware group.
In 2026 so far, we’ve logged 11 such attacks. One of them is Evanston Township High School District 202, which is still trying to contain an attack that began June 7, 2026.
Ransomware attacks on schools can both steal data and disrupt day-to-day operations such as taking attendance, submitting grades, phone and email communications, billing, payroll, and assignments. Schools that refuse to pay can face extended downtime, permanent data loss, and putting students and faculty at increased risk of fraud.
About Bellflower Unified School District
Bellflower Unified School District enrolls nearly 10,000 students in Los Angeles County, California. It consists of 10 elementary schools, two high schools, a continuation high school, and an independent academy.