Indian Springs School District 109 yesterday confirmed it notified 11,542 people of an October 2024 data breach that compromised the following personal info:
- Names
- Social Security numbers
- Contact info
- Student ID numbers
- State-issued ID numbers
- Class schedules
- Transcript info
- Medical info
- Health insurance info
- Parent/guardian names
- 504 Plan or IEP info
- Race/ethnicity info
- Financial aid info
- Financial account info
Ransomware group RansomHub took credit for the attack, saying it stole 45 GB of data from ISD 109. To prove its claim, RansomHub posted sample images on its website of what it says are documents stolen from the school district, including several financial documents.
The district has not verified RansomHub’s claim. We do not yet know if ISD 109 paid a ransom, how much RansomHub demanded, or how attackers breached the district’s network. Comparitech contacted Indian Springs School District 109 officials for comment and will update this article if they reply.
“Our investigation revealed that certain information within our systems was subject to unauthorized access or acquisition on or around October 29, 2024,” says ISD 109’s district’s notice to victims.
The district is offering eligible victims free credit monitoring and identity protection through Cyberscout. The deadline to enroll is 90 days from receipt of the notice letter.
Who is RansomHub?
RansomHub runs on a ransomware-as-a-service business in which affiliates pay to use the group’s malware and infrastructure to launch their own attacks and collect ransoms. RansomHub is behind high-profile attacks on Rite Aid, Christie’s auction house, Frontier Communications, and the Florida Department of Health. It first started posting organizations it hacked to its leak site in February 2024.
Since it started, RansomHub has claimed responsibility for 148 confirmed ransomware attacks, plus 619 unconfirmed claims that haven’t been publicly acknowledged by the targeted organizations.
16 of its confirmed attacks struck schools, universities, and other educational institutions. They include Charleston County School District in
South Carolina, which notified 20,653 people of a July 2024 breach, and Crystal Lake Elementary District 47 in Illinois, which notified 14,207 people of an October 2024 breach.
Ransomware attacks on US education
Comparitech researchers logged 81 confirmed ransomware attacks on US schools and colleges in 2024, compromising nearly 3 million records.
In another such attack confirmed this week, the Webb Institute notified 1,520 people of a September 2024 data breach claimed by Inc Ransomware.
In 2025 to date, we’ve logged 22 ransomware attacks on US schools, including:
- Central Point School District (OR) reported a May 2025 breach claimed by Interlock
- School District 5 of Lexington and Richland Counties (SC) reported a June 2025 breach claimed by Interlock
- Botetourt County Public Schools (VA) notified 315 people of a May 2025 breach claimed by Qilin
- Flemington-Raritan School District (NJ) reported a June 2025 attack by unknown attackers
We’re monitoring another 100 unconfirmed attack claims made across 2024 and 2025.
About Indian Springs School District 109
IDS 109 is a school district based in Justice, Illinois, in the Chicago metropolitan area. It enrolls about 2,500 students in four elementary schools, one junior high school, and one early childhood center.
