Cherokee County School District (CCSD) has started notifying 46,119 people of a data breach following a cyber attack in March 2025. The data affected includes:
- Names
- Social Security numbers
- Driver’s license numbers
- Passport numbers
- Financial account information
- Certain health data
This attack becomes the largest data breach (via ransomware) on the US education sector so far this year.
As we have previously reported, CCSD suffered a cyber attack on March 15, 2025. This led to widespread disruptions across the district’s network for around two weeks.
Interlock came forward to claim the attack, saying it had stolen 624 GB of data from the school district, including tax documents, employee data, and financial information.
When previously asked about Interlock’s claims and whether or not a ransom was demanded/paid, CCSD didn’t comment on the nature of the cyber attack but did provide us with the following statement:
“At Cherokee County School District (CCSD), we recognize the importance of protecting our students, parents, and staff, including their personal data. In March, we alerted our school community that we were investigating a cybersecurity event that impacted portions of our information technology (IT) environment. Upon discovery of this incident, we acted quickly and engaged federal and state law enforcement agencies, and leading IT security experts. We worked diligently to minimize the impact of this incident on our day-to-day operations, and we can confirm that our IT environment is essentially fully restored. We are currently assessing the CCSD records impacted by this incident, and we will directly engage with those in the CCSD community who could have been impacted by it. We are proud of the way that the CCSD team has responded to this incident, and we are grateful for the tremendous support we have received from the CCSD community.”
CCSD is offering those affected complimentary, multi-year credit monitoring services through TransUnion.
Who is Interlock?
Interlock first began adding victims to its data leak site in October 2024. As with most ransomware gangs today, it seeks a ransom payment for the decryption of systems and the deletion of stolen data.
Since October 2024, we’ve tracked 28 confirmed attacks via this group and a further 35 unconfirmed attacks that haven’t been acknowledged by the organizations in question. Across the confirmed attacks, Interlock alleges to have stolen 56 TB of data, while nearly 4.5 million records are confirmed to have been breached across these attacks.
Eight of Interlock’s confirmed attacks have been on education providers, with the other confirmed attacks this year being:
- Aztec Municipal School District – February 2025: Schools were closed from February 24 to March 3.
- Kalamazoo Public Schools – April 2025: 8,592 people were impacted in this breach.
- Central Point School District 6 – May 2025: Interlock alleged to have stolen over 2.6 TB of data.
- School District Five of Lexington and Richland Counties – June 2025: The school district confirmed last week that 31,475 people were impacted in this breach.
- Christian Brothers Academy – June 2025: 2,928 are confirmed to have been impacted in this breach.
So far this year, we’ve noted 18 confirmed and 31 unconfirmed attacks via the group.
Ransomware attacks on the US education sector
As we have seen with this attack on the Cherokee County School District, ransomware attacks on the education sector can have serious consequences, both in the downtime caused by the attacks and in the subsequent data breaches.
So far this year, we’ve seen 30 confirmed attacks on this sector with over 115,000 records breached across these attacks. This attack on CCSD is the largest confirmed breach so far, followed by the aforementioned attack on School District Five of Lexington and Richland Counties (31,500 affected) and the February 2025 attack on Baltimore City Public Schools (over 20,600 affected).
Out of the 30 confirmed attacks this year, only eight have submitted data breach notifications so far. While not all of the attacks may have resulted in breaches, it’s highly likely we’ll see a number of other confirmed breaches coming through in the next few months.
We are also monitoring 58 unconfirmed attacks from this year so far.
About Cherokee County School District
Cherokee County School District in South Carolina enrolls about 8,000 students in nine elementary schools, three middle schools, and two high schools. Cherokee County sits on the North Carolina border, roughly between Asheville and Charlotte.
