Mastery Schools, Philadelphia’s largest charter school network, formally notified 37,031 people over the weekend that their data was compromised in a September 2024 cyber attack.
In a letter to those affected, the organization’s CEO Dr. Joel Boyd said the attack involved malicious encryption first detected on Sept. 15, 2024. In response, Mastery officials shut down affected systems, contacted federal law enforcement and enlisted cybersecurity experts to investigate and contain the breach. An internal investigation has since confirmed that the attacker accessed and downloaded data.
Though a version of the letter posted on Maine’s state website leaves blank what information was involved, a June 9 blog post by the technology research firm Comparitech said it had confirmed the compromised data includes names, dates of birth, taxpayer ID numbers, passport numbers, bank account information, credit card information, biometrics, user names, passwords, medical information, student records and other information. Comparitech said the ransomware group DragonForce, which operates a ransomware-as-a-service business in which customers pay to use their malware and infrastructure to launch attacks and collect ransoms, took credit for the attack, claiming to have stolen 171 GB of data. Mastery Schools has not confirmed this.
