Sign in Subscribe
By Dysruption Hub in Education

Cyberattack Hits South Carolina’s Lexington-Richland School District, Delays Bonuses

A cyberattack targeting Lexington-Richland School District Five in Columbia, South Carolina, has disrupted critical systems and delayed employee retention bonuses. On Thursday, June 5, 2025, the district confirmed the incident, notifying staff that $1,500 payments scheduled for Friday, June 6, will not be issued. Employees also received an alert from the district’s technology office instructing them not to use district computers or access the network. The message cited support from state and federal partners and promised more updates as the investigation progresses.

In a widely circulated Reddit thread, community members speculated the breach may involve ransomware and linked it to vulnerabilities in platforms like PowerSchool, a widely used student information system. Users pointed to a string of similar attacks in North Carolina, Vermont, and Toronto, describing a broader pattern of extortion attempts against educational institutions. One commenter identifying as a former school technology director noted the hallmarks of ransomware, while others discussed systemic weaknesses like the lack of offline backups and poor cybersecurity hygiene.

Screenshot of a text message from Lexington-Richland School District Five informing staff that employee retention payments will not arrive on Friday, June 6, 2025, due to continued internet outages, with a new payment date to be announced next week.
A text message from Lexington-Richland School District Five notifies employees that retention bonus payments scheduled for June 6, 2025, will be delayed due to ongoing internet outages. (Image courtesy of WACH Fox 57)

While the district has not confirmed whether ransomware was used or if any demands were made, the operational impact has been immediate. Teachers and staff are locked out of internal systems, some students in virtual summer programs have reported access issues, and payroll processes are disrupted. SAT testing scheduled for the weekend is still expected to proceed. District officials have not disclosed the origin or full scope of the attack but say they are working with cybersecurity experts and law enforcement to assess damage and begin restoration.

This incident follows a string of cyberattacks targeting educational institutions across the country, including recent breaches at the College of Eastern Idaho, Allentown School District in Pennsylvania, and Central Point School District in Oregon. High-profile ransomware campaigns have also hit schools in Michigan, New Jersey, Georgia, and North Carolina, the latter involving the Qilin ransomware group. Experts warn that U.S. schools, often under-resourced in IT and reliant on centralized platforms, remain prime targets for opportunistic threat actors seeking to extort public funds or steal sensitive student and staff data.

Subscribe to The Dysruption Hub

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
[email protected]
Subscribe