Great Valley School District impacted by ransomware attack by Medusa gang
Learn More
The Great Valley School District in Pennsylvania reports that it was a target of the Medusa ransomware gang. The gang has proven their attack by releasing a file tree that includes a variety of sensitive internal files, such as those from Skyward, Canvas, PowerSchool, and more. They also shared over 20 screenshots as proof, which contain confidential information about students and employees. The ransomware group is demanding $600,000 from the district, which is home to more than 4,000 students.
The district has refused to pay the ransom. The school district publicly acknowledged the cyberattack on its official website, stating that the incident occurred between October 31 and November 10. The district's statement mentioned that in addition to the data seen in the screenshots, other stolen data may include:
- Social Security numbers,
- driver’s license details,
- medical information
The number of affected individuals is not disclosed.
An intriguing and concerning detail noted by De Felice in his examination of the published files is the discovery of at least one medical document belonging to a woman. This raises serious concerns not only about the breach of sensitive medical data but also about why such information was present on the school district’s servers in the first place, pointing to potential lapses in data protection and privacy practices.
