Skip To Main Content

Data Security Incident Information

Data Security Incident Information

Greetings School District 5 Families and Staff:

As part of our ongoing effort to keep you informed, I have an important update on the progress of the investigation into our recent data security incident and information about actions we are taking as a result.

We have confirmed that information belonging to some individuals, whom we believe were former students from prior years, has been posted online in a forum used by threat actors. This information includes, among other things, names, date of birth, addresses and some Social Security Numbers. We are in the process of informing these specific individuals via mail and offering them credit monitoring and identity theft protection.

In addition, out of an abundance of caution, we are providing the same protection for all current district staff, though we do not have confirmation at this time that their information is at risk. We did not want to wait until our investigation was complete before offering them this important benefit.

The staff and former students can expect letters in the next two weeks, or sooner.  The letters will include instructions and unique codes for their protection. It is necessary that we conduct a thorough and systematic investigation that comports with state law.

Our investigation is ongoing, and we will be notifying additional individuals on a rolling basis if we determine they were impacted by this incident. Until our investigation is complete, we are not able to comment or speculate accurately on individual claims about suspected data security issues. We must let our investigation run its course.

To support our effort, we are working closely with local, state, and federal authorities, as well as independent experts in this field. We will be hosting a virtual Town Hall on August 26, 2025, with a former FBI official to answer any questions our community may have.  More information will be forthcoming about this event.

Finally, it has come to our attention that some non-directory information was obtained without consent. I want to offer our community guidance that includes steps you can take now to protect yourself and your families while our investigation continues. School District 5  encourages individuals to remain vigilant against incidents of identity theft and fraud by reviewing their account statements and monitoring their credit reports for suspicious activity. Such suspicious activity should be promptly reported to relevant parties including banking and/or financial institutions. Additionally, our community members are advised to use multifactor authentication (“MFA”) on sensitive accounts, use strong passwords and change them regularly, and never click on suspicious emails.

Again, we apologize for any inconvenience. I know we will emerge a better and stronger school district from this experience.

Thank you very much for your attention, patience and support as we continue our work to LOVE and GROW our students.

Dr. Akil E. Ross, Sr.

Superintendent

 

Lexington/Richland Counties District 5- FAQ Guidance

  1. What happened?

On June 3, 2025 we detected unusual network activity that is impacting certain aspects of our operations. In response, we immediately took steps to secure our network. Our IT team worked diligently with law enforcement and third-party specialists to investigate the full nature and scope of the incident and securely restore files and systems as expeditiously as possible.

Based upon the initial forensic data, our experts advised the incident involved a malicious actor outside our system.  We have retained a data mining expert to review the data and determine if any personal information was acquired by the malicious actor.  

We will abide with all state and federal laws to address this unprecedented series of cyber attacks on the education system in the United States. According to the U.S. Department of Education, there are an average of five of these incidents each week across the nation. (See, https://www.ed.gov/k-12-cybersecurity#:~:text=The%20Data,were%20victims%20of%20a%20cyberattack).  School districts are responding in the best manner possible, but there does not appear to be a great deal of federal response to apprehend the perpetrators and prevent school districts from being victimized by overseas adversaries and organized crime. We spoke with law enforcement sources who advised us that even government agencies are struggling to contain the overseas cyber threats.

We understand concerns about  protection of personal information.   We have been in daily contact with our data mining experts and have asked them to expedite the results of their investigation.  Once the findings are obtained, we will work diligently to advise individuals if their personal information was compromised and provide resources.      

If you believe a data privacy issue was associated with the school district’s event please email Lexrich5securityincident@lexrich5.org  

  1. When did you first learn of this incident?

We identified that certain network devices were unavailable on June 3, 2025, and initiated an investigation. The investigation is ongoing.

  1. Was any personal and/or important information impacted by the incident?

We have confirmed that information belonging to some individuals, whom we believe were former students from prior years, has been posted online in a forum used by threat actors. This information includes, among other things, names, date of birth, addresses and some Social Security Numbers. We are in the process of informing these specific individuals via mail and offering them credit monitoring and identity theft protection.

We are continuing to investigate to learn what was impacted by the incident through the data mining process. Should we learn of an impact to personal information, we will notify all affected individuals in accordance with applicable law. 

  1. Did the district have the appropriate level of IT security in place?

We have invested significant time and resources into our systems and practices to ensure we are appropriately protecting our systems and data. No system is foolproof. A recent audit of our Technology Security Infrastructure showed significant precautionary measures, leading to a reduction of our cyber incident deductible from $100,000.00 to $25,000.00.

  1. What are you doing to ensure this doesn’t happen again?

No system with access to the internet is 100% safe from advanced hacking. We have invested significant time and resources into our systems and practices to ensure we are appropriately protecting our systems. We have installed advanced cyber security detection software on district desktops, laptops, and servers. In addition, we will provide additional training to faculty and staff regarding data security and cyber threats.

  1. Is this a ransomware incident?

Yes, the district was attacked by Interlock, which law enforcement officials believe is operating overseas and is among the many sophisticated malicious actors victimizing school districts across the United States.

  1. Is my child’s social security number stored on School District Five’s servers/computer systems?

We do not store the social security numbers of our current students and families on our network. However, historical student records from 2010 were found to be impacted and released by Interlock.  We are notifying the affected individuals and providing credit monitoring services. At no time should a student or parent input their social security number in PowerSchool, special education documents, nursing forms, etc. If you have been asked to provide a social security number, please email Lexrich5securityincident@lexrich5.org  

  1. What about my child’s educational or non-directory information?

It has come to our attention that some non-directory information was obtained without consent. We have spoken with our Data Privacy experts and were advised that school data such as grade transcripts and class schedules are rarely if ever used to assume a child’s identity.  The data has no monetary value and cannot be used to file taxes as most children do not have bank accounts.

Per 34 CFR § 99.32(a)(1), an educational agency or institution must maintain a record of each request for access to and each disclosure of personally identifiable information from the education records of each student, as well as the names of State and local educational authorities and Federal officials and agencies that may make further disclosures of personally identifiable information from the student’s education records without consent.

FERPA defines a “disclosure” as the “access to or the release, transfer, or other communication of [PII] contained in education records by any means, including oral, written, or electronic means, to any party except the party identified as the party that provided or created the record.”  The district will abide by these regulations and send out notifications as necessary.

  1. Should I worry that personal information is unsafe? 

We are investigating to learn what data was impacted by the incident. Should we learn of an impact to personal information, we will notify all affected individuals in accordance with applicable law. Rest assured the protection of employee and student information is among our top priorities. 

  1. What can I do to protect myself?   

To further support our effort, we are working closely with local, state, and federal authorities, as well as independent experts in this field. We will be hosting a virtual Town Hall on August 26, 2025, with a former FBI official to answer any questions our community may have.  More information will be forthcoming about this event.

Our data privacy experts advise that you use multifactor authentication (“MFA”) in this modern era on sensitive accounts, change your password often, and use strong passwords with special characteristics.  If you feel that your identity has been stolen, you can use the information below that often accompanies consumer notifications.

Additional Steps You Can Take to Further Protect Your Information

Review Your Account Statements and Notify Law Enforcement of Suspicious Activity: As a precautionary measure, we recommend that you remain vigilant by reviewing your account statements and monitoring free credit reports closely for errors and by taking other steps appropriate to protect accounts, including promptly changing passwords. If you detect any suspicious activity on an account, you should promptly notify the financial institution or company with which the account is maintained for remediation assistance or contact a remediation service provider. You also should promptly report any fraudulent activity or any suspected incidence of identity theft to proper law enforcement authorities, your state attorney general, and/or the Federal Trade Commission (FTC). You should also contact your local law enforcement authorities and file a police report. Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records. Contact information for the Federal Trade Commission is as follows:

Copy of Credit Report: You may obtain a free copy of your credit report from each of the three major credit reporting agencies once every 12 months by visiting http://www.annualcreditreport.com/, calling toll-free 877-322-8228, or by completing an Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 30348. You can print this form at https://www.annualcreditreport.com/cra/requestformfinal.pdf. You also can contact one of the following three national credit reporting agencies: 

Fraud Alerts: There are two kinds of general fraud alerts you can place on your credit report—an initial alert and an extended alert. You may want to consider placing either or both fraud alerts on your credit report. An initial fraud alert is free and will stay on your credit file for at least 90 days. The alert informs creditors of possible fraudulent activity within your report and requests that the creditor contact you prior to establishing any accounts in your name. You may have an extended alert placed on your credit report if you have already been a victim of identity theft and provide the appropriate documentary poof. An extended fraud alert is also free and will stay on your credit report for seven years. To place a fraud alert on your credit report, contact any of the three credit reporting agencies identified above. Additional information is available at http://www.annualcreditreport.com. Military members may also place an Active-Duty Military Fraud Alert on their credit reports while deployed. An Active-Duty Military Fraud Alert lasts for one year and can be renewed for the length of your deployment 

Credit or Security Freezes: Under U.S. law, you have the right to put a credit freeze, also known as a security freeze, on your credit file, for up to one year at no cost. The freeze will prevent new credit from being opened in your name without the use of a PIN number that is issued to you when you initiate the freeze. A security freeze is designed to prevent potential creditors from accessing your credit report without your consent. As a result, using a security freeze may interfere with or delay your ability to obtain credit. 

You must separately place a security freeze on your credit file with each credit reporting agency. There is no fee to place or lift a security freeze. For information and instructions on how to place a security freeze, contact any of the credit reporting agencies or the Federal Trade Commission identified above. In order to place a security freeze, you may be required to provide the consumer reporting agency with information that identifies you including your full name, Social Security number, date of birth, current and previous addresses, a copy of your state-issued identification card, and a recent utility bill, bank statement or insurance statement. After receiving your freeze request, each credit bureau will provide you with a unique PIN or password. Keep the PIN or password in a safe place as you will need it if you choose to lift the freeze.

A freeze remains in place until you ask the credit bureau to temporarily lift it or remove it altogether. If the request is made online or via phone, a credit bureau must lift the credit freeze within an hour. If the request is made by mail, then the bureau must lift the freeze no later than three business days after receiving your request.

IRS Identity Protection PIN: You can obtain an identity protection PIN (IP PIN) from the IRS that prevents someone else from filing a tax return using your Social Security number. The IP PIN is known only to you and the IRS and helps the IRS verify your identity when you file your electronic or paper tax return. You can learn more and obtain your IP PIN here: https://www.irs.gov/identity-theft-fraud-scams/get-an-identity-protection-pin.

You may also report concerns regarding the IRS here.   

You also have certain rights under the Fair Credit Reporting Act (FCRA): These rights include the right to know what is in your file; to dispute incomplete or inaccurate information; to have consumer reporting agencies correct or delete inaccurate, incomplete, or unverifiable information. For more information about the FCRA, and your rights pursuant to the FCRA, please visit http://files.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf.

Additional Free Resources: You can obtain information from the consumer reporting agencies, the FTC, or from your respective state attorney general about fraud alerts, security freezes, and steps you can take toward preventing identity theft. You may report suspected identity theft to local law enforcement, including to the FTC or to the attorney general in your state. 

Additional information:  

South Carolina:  https://sc.gov/privacy-and-security-policy