‘Malicious actors’ behind SC school district cyber attack, superintendent says
The Lexington-Richland 5 school district is working to restore system and recover files that were compromised in last week’s cyber attack.
Superintendent Akil Ross gave an update on the situation at Monday’s school board meeting, after the hack shut down operations across the Chapin-Irmo-area district and even delayed payment of a year-end employee bonus.
“On June 3, 2025, we detected unusual network activity that is impacting certain aspects of our operations,” Ross said. “In response, we immediately took steps to secure our network. Our technology team has been working diligently with law enforcement and third-party specialists to investigate the full nature and scope of the incident and securely restore files and systems as expeditiously as possible.
“Unfortunately, the initial findings indicated that the district was a victim of actions by malicious actors outside of the district’s environment,” Ross said, noting that “school districts across the nation have been victimized by overseas extortion criminal groups” during a 70% surge in such attacks targeting school districts at the start of 2025.
Forensics teams are working to restore the systems district employees were locked out of during the attack, but Ross said Monday they believe the district’s most sensitive data is still secure.
“While we are working diligently to restore files and systems as quickly as possible, the restoration process takes time, and it is possible that not all files will be restored,” Ross said. “At this time, we do not have sufficient evidence of a data breach. ... At this time, we have no reason to believe that any sensitive data is being misused.”
Using a secure network environment, staff were able to “ensure our June 15, 2025, payroll was completed and will be paid on time,” the superintendent added.
The breach has led the district to push back the start of high school summer classes by a week, and a $1,500 year-end bonus that was due to be paid out on Friday also had to be pushed back because of the attack on the district’s computer systems.
The superintendent said the district isn’t able to answer all questions about the incident and its response, partly to protect its own security.
“We don’t want to share how thick our walls are,” Ross said.
He praised the response of the district team to handling the breach even as it disrupted business as usual in the district.
“They didn’t see us sweat,” Ross said of the hackers. “They see us standing tall and moving forward.”
This story was originally published June 10, 2025 at 10:21 AM.
.jpg)