Onze-Lieve-Vrouwinstituut Pulhof
February 2, 2026
•[ ransomware, encryption, extortion ]
Belgian media reported that OLV Pulhof in Berchem was hacked and its servers were encrypted, consistent with a ransomware incident. The attackers demanded payment and reportedly threatened to publish personal data of students and staff if the ransom was not paid. In a follow-up, school leadership said they had no information that data had actually been leaked at that time and that they were closely monitoring the situation with responders. The incident primarily produced disruption through system encryption and extortion pressure; confirmed data exposure was not established in the referenced update.
Westport Public Schools email account
February 2, 2026
•[ phishing, email hijacking, data leak ]
Student-submitted personal info via linked Google Form: name, email address, home address, date of birth, grade level, and bank name","Westport Public Schools reported that a district staff email account (identified as a Spanish teachers account) was hijacked on a Friday afternoon and then used to send a phishing email to students in grades K12 with the subject line Employment Program For Westport Public Schools. The message advertised a work-from-home employment program connected to Feed the Children and included a linked Google Form encouraging students to apply. Because the email originated from an internal staff account, it bypassed normal email restrictions and reached student inboxes across the district, including Staples High School. District officials said the technology department removed all copies of the email from the school system and began identifying students who clicked the link and may have submitted personal information; families of students who filled out the form were contacted directly and advised to monitor accounts for fraud. Officials stated no district systems were breached beyond the single compromised email account and that student school-issued accounts remained secure.
Uvalde Consolidated Independent School District
September 13, 2025
•[ ransomware, malware, education ]
Ransomware detected on UCISD servers led to cancellation of most/all classes the week of Sept. 15; investigation and recovery continued, with essential safety/operations systems disrupted; classes to resume Sept. 22; district reports no data breach
Kido International (London Nurseries)
September 10, 2025
•[ ransomware, education ]
Ransomware group Radiant claimed intrusion into Kido Internationals London nursery network in early September 2025, stealing data on over 8,000 children. The group leaked samples and demanded ransom. Kido confirmed the breach in late September but reported no encryption or operational disruption.
Kerrville Independent School District
August 29, 2025
•[ ransomware, malware, education ]
Qilin ransomware group infiltrated Kerrville ISD systems, accessed and copied sensitive personnel and student information. District secured its network, reported to FBI, and provided credit protection to affected individuals.
Centre de services scolaire des Appalaches (CSSA)
August 25, 2025
•[ ransomware, education ]
INC carried out a ransomware attack on CSSA on August 25, 2025, encrypting about 70% of archives and exfiltrating ~180 GB of data. Stolen data included personal records of students and staff, plus organizational financial, legal, and administrative documents. The incident lasted days to weeks before being publicly disclosed on September 3.
Government, tech, academic & telecom entities; global
August 22, 2025
•[ espionage, malware, government ]
CrowdStrike reports that multiple Chinese-linked groupsMurky Panda, Genesis Panda, and Glacial Pandahave exploited vulnerabilities (e.g., Citrix CVE-2023-3519, Commvault CVE-2025-3928) to deploy the CloudedHope malware for covert espionage against cloud, telecom, government, tech, academic, legal, and professional services organizations worldwide.
Weymouth and Kingston Maurward College (Dorset College group)
August 15, 2025
•[ social, phishing, education ]
A phishing incident at Dorset Colleges Weymouth and Kingston Maurward campus resulted in the compromise of multiple staff email accounts around August 15, 2025. Spam was sent from affected accounts. Exposure may have included contact details of prior email correspondents. The breach was contained swiftly with minimal impact. Reported to the ICO.
Rochester Schools (IN)
August 13, 2025
•[ hack, education ]
Investigation ongoing; small group of staff email accounts impacted.
University of St. Thomas (Houston, TX)
August 12, 2025
•[ ransomware, malware, education ]
On August 12, 2025, the University of St. Thomas in Houston, Texas, detected unauthorized access and voluntarily shut down key systems for nine days. External sources confirmed the INC ransomware gang claimed responsibility, stating they stole 1.8 TB of sensitive university data. University operations including student portals, financial aid, and course scheduling were fully disrupted, though no encryption was reported. Public disclosure followed on August 25, 2025.
University of Western Australia
August 9, 2025
•[ hack, education ]
University of Western Australia detected unauthorized access to password data of thousands of staff and students on or around August 9, 2025. As a precaution, all accounts were locked, and passwords reset. There is no evidence any other data was accessed, and no indication of ransomware. Systems have been restored with enhanced security measures.
Scotch College, Melbourne
August 9, 2025
•[ hack, education ]
Scotch Colleges IT systems were accessed by an unknown third party over the weekend of August 910, 2025. The school shut down servers, disabled accounts, and enlisted forensic and ACSC support. In a letter, they apologized to families and alumni for the breach and warned to be vigilant pending the completion of investigations.
University of Southeastern Philippines
August 9, 2025
•[ hack, leak, education ]
Unauthorized access to student records system; ~175,000 records including student ID, name, email, enrollment status, academic monitoring records; data put up for sale; USeP responded by suspending system, migrating servers, enhancing security
Institute Ruđer Bošković (administrative/professional services IT)
July 31, 2025
•[ ransomware, education ]
IRB was hit by a ransomware attack on July 31, 2025 via Microsoft SharePoint ToolShell vulnerabilities; administrative/professional services systems were encrypted. IRB refused to pay, isolated affected segments, and restored from backups by Aug 8; later updates confirmed full service restoration and no evidence of data exfiltration.
IMDataCenter
July 15, 2025
•[ leak, hack, misconfiguration ]
Unsecured AWS S3 bucket exposed ~38GB of records; hacker downloaded ~75GB, including ~20M emails, ~37M phone numbers, 50k SSNs/DOBs; affects multiple industries (healthcare, airlines, universities, dealerships). Bucket later secured; lawsuits pending.
Manassas Park City Schools
June 12, 2025
•[ ransomware, malware, education ]
The MPCS network was infiltrated and encrypted via ransomware around June 12, 2025; data may have been accessed including full names paired with SSNs, passport numbers, or financial account details. No group has claimed responsibility. Investigation ongoing and FBI notified.
Lexington-Richland School District 5
June 5, 2025
•[ ransomware, phishing, education ]
On June 3, 2025, Lexington-Richland School District 5 detected a network intrusion following a phishing email that disrupted systems, delayed summer school and staff bonuses. Over 1.03 TB of data has been confirmed under review. Though Interlock claimed responsibility, this is unverified. The district refused ransom demands and is offering credit monitoring to affected individuals.
Columbia University IT Systems
May 16, 2025
•[ leak, education ]
An unauthorized actor gained access to university systems on May 16, 2025, and exfiltrated approximately 460GB of sensitive personal, financial, and health data following an IT outage; patient records from the medical center were unaffected; notifications are underway
West Lothian Council, Education Network
May 6, 2025
•[ ransomware, education ]
West Lothian Council reported a ransomware cyberattack affecting the education network; contingency plans kept schools open while systems were restored.
Bartlesville Public Schools
April 30, 2025
•[ hack, education ]
On April 30, 2025, unauthorized intruders stole files from Bartlesville Public Schools containing names and Social Security numbers of staff and students. The breach was discovered by August 4 and reported on August 27. Affected individuals received credit monitoring support.
