Georgia school district issues data breach notification after ransomware claim

Muscogee County School District has started issuing data breach notifications following a cyber attack in December 2024. This attack was claimed by ransomware gang SafePay in late January with 382 GB of data allegedly stolen.

In its notification, Muscogee County School District (MCSD) states that it detected suspicious activity on its network on December 26, 2024. However, after investigation, it found that “an unknown third party accessed our computer network between December 12, 2024, and December 26, 2024, and may have obtained data related to employees.” This data includes names, Social Security numbers, and financial account numbers and routing numbers used for payroll purposes.

MCSD hasn’t confirmed SafePay’s claims, whether a ransom was demanded or paid, or how many people were involved in this incident in total. Comparitech has contacted the district for more information and will update this article if it responds.

[Image: SafePay ransomware claim, Muscogee County School District]

MCSD is offering those affected identity monitoring services via Kroll.

Who is SafePay?

Since November 2024, SafePay has been adding victims to its data leak site. To date, we’ve tracked 13 confirmed and 61 unconfirmed attacks by this group. Two confirmed attacks and 24 unconfirmed attacks are from this year.

One of the confirmed attacks from January 2025 is Harrison County Board of Education. This attack led to school closures, but no data breach notifications have been issued yet.

A further two confirmed victims are also US educational institutions: Elwood Community School Corporation (hit in November 2024) and Starkville-Oktibbeha Consolidated School District (breached in December 2024 but no ransom paid).

SafePay uses LockBit-based ransomware and appears to follow a double-extortion technique, whereby a ransom is demanded both to decrypt systems and to delete stolen data. In the case of MCSD, it’s unclear whether encrypted systems caused any disruption. However, this could be due to the attack taking place on December 26, when the schools were closed to students.

Ransomware attacks on US schools & colleges

Despite seeing a drop in ransomware attacks on US schools in 2024 (the number of attacks dipped from 123 in 2023 to 70 in 2024), we are potentially seeing an uptick in attacks this year. Five attacks on US educational institutions have been confirmed this year so far with a further 15 unconfirmed.

As well as Harrison County Board of Education, Addison Northwest School District, the University of Oklahoma, Jefferson School District 251, and Aurora Public Schools have also confirmed attacks. Ransomware gang Fog was behind the attacks on the University of Oklahoma and Aurora Public Schools, while ThreeAM claimed the attack on Addison. No group has claimed the attack on Jefferson School District 251, but classes were also canceled in this case.

Unfortunately, ransomware attacks on the education sector not only have the potential to cause widespread disruption when systems are encrypted but also have an ongoing impact if data is stolen. In 2024, we noted over 1.8 million breached records across the 70 attacks.

About Muscogee County School District

Located in Columbus, Georgia, Muscogee County School District is home to 56 schools, centers, and magnet programs. It employs over 5,500 people and serves more than 30,000 students.