Pell City Schools in Alabama said a cyberattack disrupted some district technology systems and that an outside party copied files, as the district works with cybersecurity partners to restore services.
Superintendent Justin Burns told families the district would not pay the criminals and that officials are investigating what happened while bringing systems back online, WBRC reported Jan. 6.
Public signs of disruption surfaced weeks earlier. On Dec. 15, the Pell City School System posted on social media that an internet outage would prevent livestreaming its Dec. 16 school board meeting. The post did not link the outage to a cyberattack.
A separate social media update from local station 94.1 FM The River said the district temporarily shifted to “paper and pencil” instruction because of what it described as a major cyber incident, and that a forensic IT team had been called in. The station said phones were expected to return to service, though the district has not provided detailed, on-the-record confirmation of those operational impacts.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
A ransomware tracking site, ransomware.live, lists pellcityschools.net as a victim entry it associates with a group it labels SafePay, with a claim discovery date of Dec. 23. The district has not publicly confirmed that attribution.
SafePay is a ransomware operation tracked by multiple threat-intelligence researchers and victim-listing sites. Researchers describe the group as using data-theft pressure tactics, including publishing claims on a leak site, but such postings can be incomplete or unverified without confirmation from the targeted organization.
The Pell City incident fits a pattern seen in recent school disruptions: districts often first describe outages or “network issues,” while ransomware leak sites later post claims that districts may not confirm. In recent cases, Eanes and Clarksville school districts in Texas faced outages later followed by unverified leak-site listings, while Minersville Area School District in Pennsylvania confirmed a ransomware incident after taking its network offline.
Pell City Schools is a public K-12 district in St. Clair County serving about 4,152 students, according to federal education data.
