North Stonington Public Schools in Connecticut today notified students and faculty of a September 2025 data breach that compromised sensitive personal information.
For current and former students, the breached data included names, dates of birth, addresses, student ID numbers, health info, names of parents and guardians, academic records, assignments, exams, attendance, disciplinary records, academic evaluations, progress reports, IEPs, 504 plans, birth certificates, residency verifications, and notes from therapists and counselors.
For faculty and staff, the compromised employment records and personnel files contained names, addresses, Social Security numbers, driver’s license info, dates of birth, payroll and benefits info, tax forms, and FMLA records.
Ransomware gang Interlock took credit for the breach on October 13 and said it stole 3 TB of the school district’s data. To prove its claim, Interlock posted samples images of what it says are documents stolen from NSPS.
North Stonington Public Schools has not verified Interlock’s claim. We do not know how many people are affected, if NSPS paid a ransom, how much Interlock demanded, or how attackers breached the district’s network. Comparitech contacted NSPS for comment and will update this article if it replies.
“On or about September 18, 2025, NSPS detected a cybersecurity incident involving unauthorized access to NSPS’ network,” NSPS said in the notice (PDF) posted today. “The investigation revealed that various NSPS records pertaining to NSPS faculty, staff, and students, were accessed.”
The district is offering free credit monitoring to current and former students, staff, and faculty. The deadline to enroll is 90 days from receipt of the notice by mail.
Who is Interlock?
Interlock is a ransomware gang that first started claiming attacks on its leak site in October 2024. Its malware both steals data and locks down computer systems. Interlock then demands a ransom to restore infected systems and secure stolen data.
Interlock has claimed responsibility for 34 confirmed ransomware attacks since it began, plus 32 unconfirmed claims that weren’t publicly acknowledged by the targeted organizations.
Twelve of Interlock’s confirmed attacks struck schools, colleges, or other educational institutions. They most recently include Loyola College and Kearney Public Schools in Nebraska. Interlock took credit for an August 2025 data breach reported by Loyola and an October 2025 breach reported by Kearney.
Ransomware attacks on US education
Comparitech researchers have logged 39 confirmed ransomware attacks on US schools, colleges, and other educational institutions in 2025 to date. In addition to NSPS and Kearney Public Schools, this month also saw ransomware gangs Cl0p and Qilin take credit for attacks against Harvard University and Halifax County, VA public schools, respectively.
The two largest such attacks of 2025 include:
- Madison Elementary School District 38 in Phoenix, AZ notified 35,000 people of a data breach claimed by Interlock
- The Institute of Culinary Education notified 33,000 people of a May 2025 data breach claimed by Payouts King
Ransomware attacks on schools and colleges can disrupt day-to-day operations such as taking attendance, submitting grades, phone and email communications, billing, payroll, assignments, and more. Ransomware attacks are often two-pronged: they lock down computer systems and steal data. Schools that refuse to pay a ransom face extended downtime, data loss, and putting students and faculty at increased risk of fraud.
The education sector takes longer than any other to notify victims of data breaches: 4.8 months on average.
About North Stonington Public Schools
North Stonington Public Schools is a school district on the coast of Connecticut. It consists of two schools: North Stonington Elementary School and Wheeler Middle/High School. The district enrolls more than 700 students in total.
