Introduction

In September 2024 [1] [2] [3] [4] [5] [6], Mastery Schools [1] [2] [3] [4] [5] [6], the largest charter school network in Philadelphia [1] [5], fell victim to a significant ransomware attack by the group DragonForce. This incident highlights the vulnerabilities in educational institutions’ cybersecurity measures and the potential risks associated with data breaches.

Description

In September 2024 [1] [2] [3] [4] [5] [6], Mastery Schools [1] [2] [3] [4] [5] [6], the largest charter school network in Philadelphia [1] [5], experienced a significant ransomware attack attributed to the group DragonForce [3]. Detected on September 15, 2024 [1], the incident involved unauthorized access and malicious encryption of its systems [2], disrupting key operations such as phone and email access and compromising the personal data of over 37,000 individuals associated with the network. The exposed sensitive information included full names, Social Security numbers [1] [2] [4] [5] [6], dates of birth [1], taxpayer ID numbers [1], government-issued IDs [1], passport numbers [1], bank and financial information [1], credit and debit card details [1], biometric data [1], usernames and passwords [1], medical details [1] [4] [5] [6], health insurance information [1], student ID numbers [1], and student records [1] [5].

DragonForce claimed responsibility for the attack [1] [3], asserting that they stole 171 GB of data from the school system and listed Mastery Schools on their leak site [1]. However, Mastery Schools has not confirmed this figure, nor disclosed how the attackers gained access or whether a ransom was paid [1]. An investigation indicated that an unauthorized actor downloaded some data [2] [3], potentially including personal information [3], raising concerns about the data security practices within educational institutions and the risk of misuse. Although there is currently no evidence of identity theft or fraud linked to the breach [1], the compromised data poses a significant risk.

In response to the breach, Mastery Schools has begun notifying affected individuals and is offering complimentary identity protection services through Experian’s IdentityWorks [2], with enrollment available until August 31, 2025 [3]. CEO Dr. Joel Boyd announced plans to enhance security measures [1], including increased use of multi-factor authentication and improved endpoint monitoring [1]. The organization is also collaborating with external cybersecurity professionals and federal law enforcement agencies to investigate the breach and mitigate future risks [1]. This incident marks DragonForce’s second attack on an educational institution [3], following a previous incident at St. Cecilia’s Church of England School in the UK [3]. Federman & Sherwood is evaluating whether appropriate measures were taken to secure the personal information and whether affected individuals are entitled to legal remedies [2].

Conclusion

The ransomware attack on Mastery Schools underscores the critical need for robust cybersecurity measures in educational institutions. The breach has prompted the organization to implement enhanced security protocols and collaborate with cybersecurity experts and law enforcement to prevent future incidents. The incident serves as a stark reminder of the potential consequences of data breaches and the importance of safeguarding sensitive information.

References

[1] https://ciso2ciso.com/mastery-schools-notifies-37031-of-major-data-breach-source-www-infosecurity-magazine-com/
[2] https://www.federmanlaw.com/blog/mastery-charter-high-school-data-breach-investigated-by-federman-sherwood/
[3] https://www.comparitech.com/news/philadelphia-charter-schools-notify-37k-people-of-major-data-breach/
[4] https://www.secretciso.org/secret-ciso-6-10-at-t-mastery-schools-sentinelone-google-a-wave-of-breaches-hits-at-t-and-mastery-schools-while-sentinelone-warns-of-chinese-cyber-threats-google-swiftly-patches-a-criti/
[5] https://www.infosecurity-magazine.com/news/mastery-schools-data-breach/
[6] https://www.secretciso.org/secret-ciso-6-10-at-ts-86m-breach-sentinelones-china-alert-googles-phone-fix-salesforces-cloud-flaws/