The Lexington-Richland 5 school district announced on Friday that personal information for former students — including names, addresses and Social Security numbers — was posted on an online forum “used by threat actors.” The disclosure follows a district-wide cyber incident in early June that disrupted web access, pushed back the start of summer school and temporarily delayed pay for teachers and staff.
District officials said the exposed records were discovered after investigators traced the postings to a forum frequented by criminal actors. Superintendent Akil Ross recorded a message to families and staff explaining the situation and urging patience while the inquiry continues. “This summer, we were confronted with a data security incident. This is a rising trend that we’re seeing with global threat actors attacking institutions like school districts,” Ross said. “As a result, we have remained fully committed to the safety and security of our faculty, staff and community. This investigation will take some time.”
The district serves students in the Chapin and Irmo areas. Officials confirmed the breach affects former students and said notifications to those impacted will be issued on a rolling basis. A district spokesperson declined to confirm the total number of people affected, citing the ongoing investigation.
Lexington-Richland 5 said the June incident initially disrupted services across the district’s network and delayed scheduled summer operations. The subsequent discovery that former-student data had been posted online prompted the district to expand its response. In its communications, the district emphasized that it is investigating the incident with urgency and that families will be kept informed as new information becomes available.
To help mitigate risk, the district will offer credit monitoring and identity-theft protection to the people whose data was published and to all current district staff. District officials told local press the cost of those services will be covered through the district’s insurance. The district also scheduled a virtual town hall for August 26 where a former FBI official will take questions from families and staff about the incident, its risks and the district’s response measures.
Officials stressed that the posted records came from a forum that threat actors use to share and trade stolen data. Public exposure of names, addresses and Social Security numbers raises classic identity-theft concerns: those data points can be used to create fake credentials, open accounts, or conduct tailored social-engineering attacks. The district’s letter to families urged vigilance for suspicious messages and offered guidance on the services being provided.
Superintendent Ross framed the breach in the wider context of a growing number of attacks against education institutions. “This is a rising trend,” he said in the video message, and the district has said it will review security controls and policies as part of the investigation. The district did not provide technical details about how the breach occurred, nor did it identify which systems were compromised in June beyond noting the district-wide impact on web services and payroll timing.
The district is working to identify each individual whose information was exposed and to confirm the timeline and scope of the postings. Notifications to affected people will be sent as the investigative team validates records. Officials also indicated they are coordinating with law enforcement and external specialists as part of the response, though they did not disclose which agencies or vendors are involved.
Community reaction has focused on concern for those whose details were published and on how quickly the district can close the gaps that allowed the exposure. The planned virtual town hall with a former FBI official is intended to address those concerns directly and to provide families with practical steps they can take immediately, such as enrolling in the offered monitoring services and reporting suspicious activity promptly.
The district’s public statement included an apology to families and staff. “We apologize for any inconvenience. I know we will emerge a better and stronger school district from this experience,” Ross said. The message underscored the district’s intent to combine remediation — notification, monitoring and investigation — with a review of its cybersecurity posture.
At this stage, Lexington-Richland 5 has limited its public comments to the facts it can confirm: that an early-June breach affected district systems, that former-student personal data was posted on an actor forum, that notifications will be issued on a rolling basis, and that the district will provide credit monitoring and identity-theft protection to those impacted and to current staff. The investigation remains active; the district has asked the community to await additional updates and to attend the scheduled town hall for more information.
