Tulare City School District in California said it is investigating suspicious activity on its network after disruptions affected some computer systems, while unverified screenshots circulating online claimed an extortion threat tied to student information.
The K–8 district, based in Tulare in the San Joaquin Valley, said the activity has affected the availability of certain computer systems and that it is working to determine the scope and “securely restore full operability.”
The district also said it has received reports of suspicious emails being sent to members of the district community and asked recipients to ignore messages that appear suspicious.
District officials have not described how widely operations were affected beyond “certain computer systems,” and they have not said whether instructional platforms or other student-facing services were disrupted. As of the latest update, the district also had not announced school closures or schedule changes.
Chip in once
If this reporting helped you, a one-time tip helps cover hosting, tools and future investigations.
Support us monthly
A small monthly pledge keeps independent coverage and our reader tools online for everyone.
Parents and community members shared screenshots of an alert attributed to district tech services saying phone lines and internet services were down while an investigation continued. The district’s website notice did not include an estimated restoration time or say whether any data was accessed.
Separate screenshots circulating on social media and community channels purport to show an extortion-style message signed “SingularityMD” that describes a ransom demand and threatened release of student-related records. DysruptionHub could not verify the origin of that message, and the district has not publicly confirmed a ransom demand, data theft, or a specific threat actor.
If the circulating extortion note proves authentic, the event would be a departure from traditional single- or double-extortion ransomware, which typically pairs network encryption with pressure tactics. Instead, it would align more closely with data extortion, where attackers threaten disclosure even without widespread encryption. Such cases can arise when an intruder can access and copy sensitive records but lacks the ability, time or leverage to encrypt or otherwise materially alter core systems, though officials have not confirmed that scenario.
The “SingularityMD” name has surfaced previously in U.S. K–12 incidents. Malpedia, a threat-actor reference maintained by Germany’s Fraunhofer FKIE, describes SingularityMD as a group that has targeted U.S. educational institutions and used extortion threats tied to stolen information.
In 2023, reporting around Clark County School District in Nevada and Jeffco Public Schools in Colorado described an extortion campaign in which a group using the SingularityMD name threatened to leak stolen student and staff data if districts did not pay, including outreach aimed at parents.
The district did not respond to a request for comment.
Tulare City School District serves about 9,294 students, according to federal school district data. The district said it is working to minimize service interruptions and restore systems.
