The Charleston County School District (CCSD) has revealed new details about a major cybersecurity incident that happened in July 2024, which affected more than 20,000 students and staff members. The district confirmed that a known cybercriminal group called RansomHub was behind the data breach.
What Happened?
Between July 16 and July 19, 2024, a group of hackers gained unauthorized access to the district’s network and stole personal information of 20,653 people. This includes students and staff from as far back as 2005, according to CCSD.
The stolen data varied for each person and could include sensitive details. A thorough investigation, done in partnership with cybersecurity experts, confirmed that the hackers were part of a group called RansomHub, known for targeting schools, hospitals, and other critical services.
Notifications and Support for Affected Individuals
The school district has completed a full review of whose data was accessed and has already mailed letters to those affected. These letters include:
- A summary of the breach
- Details about what personal information was involved
- Advice on what to do next
To help protect those affected, CCSD is offering free identity protection services, including:
- Credit monitoring
- Identity theft recovery assistance
- Insurance coverage up to $1 million
If you receive a letter from the school district, you are advised to use these services. You can also contact their helpline at 1-877-522-6813 between 9 a.m. and 9 p.m., Monday to Friday for more help.
Security Measures Taken
CCSD confirmed that the hackers found a weakness in their network, but that vulnerability has now been completely fixed. The district also upgraded its cybersecurity systems to avoid future attacks.
Importantly, the school district also said it did not pay any ransom to RansomHub at any point during or after the breach.
Who is RansomHub?
RansomHub is a cybercriminal group that first appeared in February 2024. They target many important sectors like:
- Education
- Government services
- Healthcare
- Emergency services
- Technology companies
In August 2024, the group was blamed for a major cyberattack on Halliburton, an oil company, causing up to $35 million in losses. Their method involves stealing data, encrypting systems, and then demanding ransom money to stop the leaks or return access.
The Cybersecurity and Infrastructure Security Agency (CISA) has shared warnings and guidelines to help protect organizations from such threats. RansomHub’s online infrastructure reportedly went offline as of April 1, 2025, but experts remain cautious.
This incident highlights how important cybersecurity has become, even in schools. The Charleston County School District is taking steps to protect students and staff while offering support to those affected. As cyber threats grow more serious, it’s crucial for both individuals and institutions to stay alert and protect their data.
