The Mastery Schools network in Philadelphia, Pennsylvania, has confirmed a ransomware attack that compromised the personal data of 37,031 people. This major security breach, which occurred in September 2024, exposed a wide range of very sensitive and personal information. The exposed data included Social Security numbers, detailed medical information, and also many different confidential student records from the school network. The notorious DragonForce ransomware gang has now officially claimed responsibility for this cyberattack, stating that it stole 171 gigabytes of data. The school network has not yet publicly verified the claim made by this particular ransomware group about the data theft from them.
Mastery Schools, which is the largest charter school network in Philadelphia, Pennsylvania, first detected the attack on September 15, 2024.
The organization realized an unauthorized actor had successfully encrypted its systems, which immediately disrupted key operational services, including phone and email access. Mastery began sending out official data breach notification letters over the weekend to all of the individuals who have been affected by this incident. In the notification, the school network stated that an unauthorized actor had downloaded some of its data, which may have included their information.
They added there is no current evidence of identity theft or any fraud linked to this recent security breach.
The DragonForce ransomware gang first started posting its targets on its data leak site back in December of the year 2023. It operates a ransomware-as-a-service business, which allows customers to use its malware and infrastructure to launch various cyberattacks. DragonForce often extorts its victims for both a decryption key to unlock their infected systems and for not publicly releasing their stolen data. The group has taken credit for thirty-two confirmed ransomware attacks in total, plus one hundred thirty-nine other unconfirmed claims against organizations. Seven of those confirmed attacks occurred in 2025, including high-profile breaches of several large UK retail chains like Marks & Spencer.
The attack on Mastery Schools in Philadelphia, Pennsylvania, marks the second time this ransomware group has attacked a school. The other school that was targeted was St. Cecilia’s Church of England School, which is located in the United Kingdom. DragonForce also stole data and caused significant IT downtime in that particular attack as well, showing a pattern of similar activity. Mastery Schools is now offering all of its eligible victims free identity theft protection services provided through the credit bureau Experian. The deadline for all of the affected individuals to enroll in these important identity protection services is August 31, 2025. This gives them time to act.
Reference: