Ransomware Attack on Mastery Schools Compromises Over 37,000 Personal Records
Philadelphia’s largest charter school network, Mastery Schools, has confirmed a major ransomware attack that resulted in the exposure of a wide range of sensitive information—including Social Security numbers, credit card details, biometric data, and student records.
Although the breach occurred in September 2024, the network only recently began notifying impacted individuals. According to documentation filed with the Maine Attorney General’s Office, the incident affected at least 37,328 people. With the network serving about 12,000 students across 24 schools, the exposure clearly extends beyond students and includes staff, families, and affiliates.
“As soon as we discovered this suspicious activity, we immediately took steps to investigate, contain, and remediate the situation, including proactively shutting down systems, reporting the matter to federal law enforcement, and engaging experienced cybersecurity professionals to assist,”
the school network said in its breach notification.
What Data Was Exposed in the Attack?
According to Mastery Schools and a statement on its website, the stolen information may include:
- Full names and dates of birth
- Social Security numbers (SSNs) and Taxpayer IDs
- Government-issued IDs and passport numbers
- Bank account and financial information
- Credit and debit card details
- Biometric identifiers
- Usernames and passwords
- Medical and health insurance data
- Student ID numbers and academic records
The data points exposed open multiple attack vectors for threat actors. The presence of biometric data is particularly critical, as this type of information cannot be altered or reissued once compromised.
The breach poses a range of risks, including identity theft, fraudulent account creation, unauthorized tax filings, and potential misuse of healthcare benefits.
DragonForce: The Group Behind the Breach
Although Mastery Schools referred to the perpetrators only as “unauthorized actors,” the DragonForce ransomware gang has claimed responsibility. The group reportedly stole over 170 gigabytes of data during the breach.
DragonForce has been active since 2023 and is becoming one of the more aggressive ransomware operations currently in play. The cartel recently gained attention for:
- Attacking Marks and Spencer, a major UK retailer
- Claiming to breach and disrupt operations of rival ransomware groups like BlackLock, Mamona, and RansomHub
The group has also attempted to recruit affiliates from competitor gangs and claimed to have overtaken some of their infrastructures. According to Ransomlooker, a dark web monitoring tool, DragonForce has targeted 104 organizations in the past year alone.
Mastery Schools Responds With Support Measures
To address concerns, Mastery Schools is offering free identity protection services, including access to fraud detection tools for affected individuals. While the scale of the attack and nature of the stolen data pose ongoing risks, these steps aim to mitigate immediate impacts.
Mastery Schools operates in both Philadelphia, Pennsylvania, and Camden, New Jersey, and is recognized as the largest charter school network in the region. The breach highlights the growing threat landscape in the education sector, particularly among institutions that store large volumes of personal, financial, and academic data.
