Madison Elementary School District 38 has begun the process of notifying 35,000 people about a data breach stemming from a ransomware attack that took place in April 2025. The attack, allegedly carried out by a group known as Interlock, resulted in the theft of an estimated 75 GB of data. The school district’s notification confirms the incident, stating that on or about April 7, 2025, a “third-party threat actor” claiming to be Interlock conducted a ransomware attack on its network. This attack was initiated through a social engineering scheme targeting a Madison employee, and it may have led to the exposure of personal information.
While the specific types of data compromised were not detailed in the notification letter, the district is providing those affected with free access to identity protection services from IDX. This offer strongly suggests that the stolen data includes highly sensitive information such as Social Security numbers or financial records. By providing these services, the school district is taking a precautionary measure to help mitigate potential harm to individuals whose information may have been exposed during the security incident.
To assess the full scope of the breach, Madison Elementary School District enlisted the services of Arete, a cybersecurity firm. An emergency purchase order reveals that the cost for this analysis was just over $21,700. Arete’s work involved a comprehensive analysis of nearly 100 GB of data to determine exactly what information had been compromised and the extent of the damage caused by the ransomware attack.
According to Interlock’s own claims, they stole 70 GB of data, which was spread across 4,247 folders containing nearly 49,000 files. The group provided proof by displaying the names of some of these folders. These folder names, which included “Accounts Receivable,” “Gifts & Donations,” “Images,” and “Videos,” hint at the diverse range of information that was likely accessed and exfiltrated during the attack, potentially impacting both financial and personal data.
While Madison Elementary School District has confirmed that Interlock was the group behind the attack, it has not yet confirmed whether a ransom was demanded or paid. The ongoing investigation and the analysis by Arete are critical to fully understanding the implications of the breach. The district’s proactive steps in notifying those affected and offering identity protection services are an important response to the potential risks faced by the 35,000 individuals whose data may have been compromised.
Reference:
