Mastery Schools, a Philadelphia-based school network, has fallen victim to a ransomware attack that exposed a trove of sensitive data, ranging from names and Social Security numbers (SSNs) to credit card info.
The school network started sending out breach notification letters to individuals whose data may have been exposed during the September 2024 ransomware attack. At the time, the DragonForce gang breached Mastery Schools, supposedly taking over 170 gigabytes of data.
Mastery’s breach notification doesn’t specify which gang victimized the organization, referring to perpetrators as “unauthorized actors.” However, describing attackers encrypting data with malicious software strongly suggests a ransomware attack.
“As soon as we discovered this suspicious activity, we immediately took steps to investigate, contain, and remediate the situation, including proactively shutting down systems, reporting the matter to federal law enforcement, and engaging experienced cybersecurity professionals to assist,” the breach notification letter reads.
Information that Mastery Schools submitted to the Maine Attorney General’s Office revealed that over 37,000 people were exposed in the attack. Since the network has around 12,000 students in over 24 schools, the number of impacted individuals points to staff being impacted by the attack as well.
After a subsequent investigation, the network learned that attackers may have accessed a large amount of sensitive details. A separate note on the network’s website indicated that attackers may have accessed:
- Names
- Dates of birth
- Social Security numbers (SSNs)
- Taxpayer IDs numbers
- Government-issued IDs
- Passport numbers
- Bank and financial details
- Credit and debit card details
- Biometrics
- Usernames and passwords
- Medical information
- Health insurance info
- Student ID numbers
- Student records
Attackers could utilize the exposed details in numerous ways. For example, there’s more than enough information to carry out identity theft, set up fraudulent accounts, file false tax returns, and access medical care. Leaking biometrics is particularly damaging, as users have no way to change their fingerprints or other information included in the biometric data.
To help impacted individuals alleviate their concerns, the Mastery Schools will provide complimentary identity protection services and access to fraud detection tools.
Mastery Schools is the biggest charter school network in Philadelphia, operating 24 charter schools in Philadelphia, Pennsylvania, and Camden, New Jersey.
“As soon as we discovered this suspicious activity, we immediately took steps to investigate, contain, and remediate the situation, including proactively shutting down systems, reporting the matter to federal law enforcement, and engaging experienced cybersecurity professionals to assist,”
Mastery's breach notification said.
The network’s attacker, DragonForce, is becoming one of the most notorious ransomware cartels currently operating. The gang recently made headlines after a devastating attack on a major UK retailer, Marks and Spencer (M&S).
First spotted in 2023, the gang has been causing trouble for its competitors as well. The cartel claimed hacks against data leak sites belonging to BlackLock and Mamona, two related ransomware groups.
DragonForce also says it hacked RansomHub, another prominent ransomware cartel, one of the most active gangs from last year. DragonForce lures competitors with the opportunity to join their ranks and claims to overtake RansomHub’s infrastructure.
According to the Cybernews dark web monitoring tool, Ransomlooker, DragonForce has attacked 104 organisations in the last 12 months.
Your email address will not be published. Required fields are markedmarked