Portland Public Schools in Maine over the weekend confirmed it notified 12,128 people of a February 2025 data breach that compromised the following personal info:
- Names
- Social Security numbers
- Financial account info
- Medical info
- Health insurance info
- Government-issued ID (e.g. driver’s license)
- Dates of birth
A cybercriminal group called RansomHub took credit for the breach in May 2025. In a post on its data leak website, RansomHub said it stole 110 GB of data from the school district. To prove its claim, RansomHub posted images of what it says are documents stolen from PPS. They include ID scans, insurance documents, budgets, and student health info.
PPS has not acknowledged RansomHub’s claim. Comparitech cannot verify the authenticity of the data. We do not know how attackers breached PPS’ network, if PPS paid a ransom, or how much RansomHub demanded. The school district declined answering Comparitech’s questions.
“On or about February 2, 2025, PPS experienced unauthorized access to our network,” says PPS’ notice to victims. “After an extensive forensic investigation and comprehensive document review, they determined on January 6, 2026 that some of your personal information stored on our network may have been accessed and/or acquired by an unauthorized individual.”
“As a result of the investigation, it was determined that this incident was attributable to a cybersecurity attack. We have also learned that certain employee personal information was likely accessed and/or acquired by the bad actor,” said senior director of data and technology Hayley Didriksen in a letter to the community published on January 30, 2026.
PPS is offering eligible victims free credit monitoring and identity theft insurance through Experian.
Who is RansomHub?
RansomHub is a ransomware gang that first started posting attack claims to its leak site in February 2024. It runs a ransomware-as-a-service business in which affiliates pay to use the group’s malware and infrastructure to launch their own attacks and collect ransoms. RansomHub is behind high-profile attacks on Rite Aid, Christie’s auction house, Frontier Communications, and the Florida Department of Health.
From February 2024 to March 2025, RansomHub claimed responsibility for 767 ransomware attacks. The organizations it targeted confirmed 163 of those attacks, 17 of which were schools or other educational institutions.
RansomHub took credit for the following data breaches:
- Charleston County School District (SC) notified 20,653 people of a July 2024 data breach
- Crystal Lake Elementary District 47 (IL) notified 14,207 people of an October 2024 breach
- Indian Springs School District 109 (IL) notified 11,542 people of an October 2024 breach
Ransomware attacks on US schools
Comparitech researchers logged 51 confirmed ransomware attacks on US schools, colleges, and other educational institutions in 2025, compromising more than 3.9 million personal records.
Other such recent attacks include:
- Clackamas Community College notified 33,381 people of an October 2025 data breach for which ransomware group Medusa demanded a $300,000 ransom
- Trocaire College notified 23,436 people of a March 2025 data breach claimed by Inc Ransomware
Ransomware attacks on schools can both steal data and disrupt day-to-day operations such as taking attendance, submitting grades, phone and email communications, billing, payroll, and assignments. Schools that refuse to pay can face extended downtime, permanent data loss, and putting students and faculty at increased risk of fraud.
About Portland Public Schools
Portland Public Schools is the largest school district in Maine. It consists of 10 elementary schools, three middle schools, and three high schools. It enrolls 6,244 students and employs 1,524 people, according to the PPS website.
