Kept in the Dark: Inside the Providence Schools Ransomware Attack

Kept in the Dark is an in-depth investigation into more than 300 K-12 school cyberattacks over the last five years, revealing the forces that leave students, families and district staff unaware that their sensitive data was exposed. Use the search feature below to learn how cybercrimes — and subsequent data breaches — have played out in your own community. Here's what we uncovered about a massive ransomware attack on the Providence, Rhode Island school district.
After the Providence, Rhode Island, school district fell victim to a September 2024 cyberattack by the Medusa ransomware gang, school officials said an ongoing investigation found 'no evidence that any personal information for students has been impacted.'
Get stories like this delivered straight to your inbox. Sign up for The 74 Newsletter
Get stories like this delivered straight to your inbox. Sign up for The 74 Newsletter
An investigation by The 74, including a review of stolen files captured in the 217-gigabyte leak, indicates otherwise. Sexual misconduct allegations involving both students and teachers, children's special education records and their vaccine histories were posted online after Providence Public Schools did not pay the cybercriminals' $1 million ransom demand.
The district's failure to acknowledge that students' records had been exposed — even after being informed otherwise by The 74 — means that parents and students were likely unaware that their private affairs had entered the public domain.
In October 2024, Providence schools notified 12,000 current and former employees that their personal information, such as their names, addresses and Social Security numbers, had been compromised. But the letter never makes mention of students' sensitive records.
In response to The 74's findings in mid-October 2024, a district spokesperson didn't acknowledge that students' sensitive information was compromised. He said the district 'has been able to confirm that some [of its] files' were accessed by an 'unauthorized, third party,' and that 'security consultants are going through a comprehensive review' to determine whether the leaked files contain personal information 'for individuals beyond current and former staff members.'
Meanwhile, in an unsolicited phone call to The 74, a state education department spokesperson appeared to contradict that, saying 'no one had actually gone in to see the files.'
Included in the leak is the 2024-25 Individualized Education Program for a 4-year-old boy who pre-K educators observed had 'significant difficulty sustaining attention to task' and who 'wandered around the classroom setting without purpose.' Another special education plan notes a 3-year-old boy 'randomly roamed the room humming the tune to 'Wheels on the Bus,' pushed chairs and threw objects.'
A single spreadsheet lists the names of some 20,000 students and their demographic information, including disability status, home addresses, contact information and parents' names. Another contains information about their race and the languages spoken at home.
A 'termination list' included in the breach notes the names of more than 600 district employees who were let go between 2002 and 2024, including an art teacher who 'retired in lieu' of being fired and a middle school English teacher who 'resigned per agreement.' Another set of documents reveals a fifth-grade teacher's request — and denial — for workplace accommodations for obsessive compulsive disorder, anxiety and panic attacks that make her 'less effective as an educator if I am not supported with the accommodations because I can not sleep at night.'
In one leaked April 2024 email, a senior central office administrator sought a concealed handgun permit from the state attorney general, noting they 'have a safe at work as well as one at home.'
Following an investigation published by The 74 and The Boston Globe in October, the district sent a letter to families acknowledging that students' personal information, such as vaccine records and special education details, were exposed in the attack.
In response to an inquiry from The 74, a district spokesperson said in a November statement that educators remain 'committed to transparency and the security of personal information.'
'During these types of incidents, districts typically start with limited information on what occurred and then gain more information over the course of the investigation,' the statement continues. 'As we navigated the initial uncertainty of the situation, PPSD prioritized taking real-time action and communicating with all stakeholders as we gathered more information.'

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

USA Today

5 hours ago

• USA Today

Customer data possibly leaked in Aflac cyberattack, the third insurance hack this month

The Aflac breach potentially impacted files with customers' Social Security numbers and health details. Insurance company Aflac disclosed this week that cybercriminals breached its U.S. network and may have accessed customers' personal information, the latest in a string of cyberattacks on insurance companies announced this month. Aflac, which provides home and life insurance and manages data for more than 50 million policyholders, said in a June 20 federal regulatory filing it identified suspicious activity on its U.S. network on June 12. The company said it believes it stopped the intrusion within hours of identifying it, calling the attack part of a 'cybercrime campaign against the insurance industry.' The breach potentially impacted files containing customers' personal information, such as Social Security numbers and health-related details. Aflac said it is investigating the breach with the help of third-party cybersecurity experts and has not yet determined how many customers were affected. An Aflac spokesperson told Reuters that the characteristics of the incident were consistent with the hacking group Scattered Spider, which has a reputation for targeting multiple companies in a single industry in waves. More: This is how you stop online trackers from collecting your health data Latest Tech News: Is TikTok getting banned? Trump says he'll 'probably' extend deadline again It's the largest insurance provider yet to disclose a breach this month, after cyberattacks on Erie Insurance and Philadelphia Insurance Companies disrupted their network operations. Aflac said the attack did not affect its systems and it is able to continue providing services as usual while it responds to the security breach. Contributing: Reuters. Kathryn Palmer is a national trending news reporter for USA TODAY. You can reach her at kapalmer@ and on X @KathrynPlmr.

New York Post

a day ago

• New York Post

Aflac customer data breached by cybercriminals in latest hit on US insurance industry

Aflac's customer data has been breached in the latest cyberattack on the US insurance industry – potentially jeopardizing Social Security numbers, insurance claims and health information, the company said Friday. It's the largest insurance company yet to fall victim to a major hacking, with tens of millions of customers and a $55 billion market cap. 'This attack, like many insurance companies are currently experiencing, was caused by a sophisticated cybercrime group,' Aflac said Friday. Aflac said Friday that its network had been hacked by cybercriminals. yu_photo – Aflac — long known for its quacking duck TV commercials — said it is unable to determine the total number of impacted individuals and the specific data stolen. Its systems were not affected by ransomware, so it is fully operational, and the company has engaged third-party cybersecurity experts, Aflac added. It said it stopped the intrusion on June 12 hours after it noticed suspicious activity. Erie Insurance and Philadelphia Insurance Companies have also reported hacks this month. Both of those cases led to widespread disruptions across their IT systems. All three of the major hacks are consistent with techniques used by a group of young cybercriminals known as Scattered Spider, sources familiar with the investigation told CNN. Aflac said the hackers used 'social engineering' tactics to breach their network, manipulating employees to gain access to a company system and often posing as tech support workers over the phone — a trademark of Scattered Spider. All three of the major hacks are consistent with methods used by Scattered Spider, sources told CNN. Montri – In the past, these hackers have posed as company help desk staffers to obtain credentials from employees or tricked workers into installing tools on their devices that will hand over network access, according to the US Cybersecurity & Infrastructure Security Agency. Scattered Spider is believed to be made up of teens and young adults in the US and UK and is known for aggressively extorting victims. Its members recently targeted Marks & Spencer and other UK retailers, and famously carried out a hacking spree across Las Vegas casinos in September 2023. Cybersecurity executives have sounded the alarms over the group's attack on the US insurance industry, warning companies to tell their employees to be wary of suspicious phone calls. Aflac did not mention Scattered Spider by name in its press release.

Axios

a day ago

• Axios

Aflac caught in string of cyberattacks on insurers

Aflac, a U.S. insurance provider that covers millions of policyholders, warned some of its customers' most sensitive data may have been stolen in a recent cyberattack. Why it matters: Aflac warned that a "sophisticated cybercrime group" was behind the intrusion and said many insurance providers are currently battling the same group. Driving the news: The insurance provider told investors in an SEC filing Friday that it detected unauthorized activity within hours on its networks on June 12. The incident didn't impact Aflac's operations and the company noted it also was not the victim of ransomware. Aflac said its initial investigation suggests that the hackers used social engineering techniques to gain access to the company's systems. From there, they likely stole an undetermined number of files from the systems, potentially including customers' claim information, health information, Social Security numbers and other highly sensitive personal details. Aflac is still investigating the scope of the breach and hired third-party investigators to assist in the matter. Between the lines: A source familiar with the investigation told Axios that the characteristics of the attack are consistent with those of the English-speaking cybercriminal gang Scattered Spider. Google's cybersecurity experts warned earlier this week that the cybercriminal gang was turning its attention to the insurance sector after a month-long hacking spree against retailers.