Lexington-Richland 5 declined to pay, Superintendent Akil Ross told a virtual town hall for district parents on Tuesday. A former FBI agent and cybersecurity expert who took part in the town hall said that was the right call.
“I tell my clients not to pay,” Jack Jupin told listeners. “Because if you pay, it just perpetuates the problem. Now they wait six months and do it again, because maybe you’ll pay the second time.”
A district-wide data breach in June caused the district to delay the start of high school summer classes in Chapin and Irmo area schools, and shut down internet access in district facilities for days. It even caused the payout of a year-end bonus expected by teachers and staff to be delayed.
“We knew at 6:30 a.m. that morning that we had lost access,” Ross said. “We have a cybersecurity protocol just as in the case of someone breaking into one of our buildings. We called law enforcement, we called SLED, and they started an investigation at that point.”
The superintendent did not specify how large a ransom had been demanded by the hackers.
The school district announced in a press release earlier this month that it has confirmed that some former students’ personal information, including names, addresses and Social Security numbers, was posted in an online forum “used by threat actors.”
But Jupin told the town hall the hackers — likely based internationally out of either China or Eastern Europe — were probably uninterested in any data on individuals they may have gotten access to in the files.
“Most times, they’re not even looking at it,” he said. “This was an attack on your school district. They wanted the money.”
The district will offer credit monitoring and identity theft protection to both the people whose data was breached and to all current district staff, “though we do not have confirmation at this time that their information is at risk,” Lexington-Richland 5 said in its announcement.
By state law, the credit monitoring will last for 12 months, Ross said at the town hall, although that coverage can be extended if they discover instances of stolen information being used. Those affected are being notified as the district and investigators identify breaches in the copious amounts of data they have to sift through from the June breach.
“We’re going through over 1.03 terabytes,” Ross said. “That’s 1,200 jump drives of information.”
Those costs associated with the credit monitoring are being paid by the cybersecurity insurance carried by the district, Ross said. The hack happened despite the strength of Lexington-Richland 5’s existing security protections, which he noted had previously tested so well in a “stress test” that their insurance co-pay dropped from $100,000 to $25,000.
Local, state and federal law enforcement has been investigating the data breach, and Ross said he was reluctant to give out too much information at the town hall that might compromise the investigation or alert hackers to any other potential vulnerabilities in the school district’s system.
He confirmed the hackers got access to the school’s systems when an employee opened a phishing email — an attempt by an outside actor to gain access to a system by tricking someone on it into opening an unsecured link in an email. Such incidents targeting both companies and public institutions, including schools, have exploded in recent years as a quick way for criminals to grab some cash.
“I run my own security consulting firm, and I get phishing emails directed at me,” Jupin said.
Questions submitted by members of the public asked what precautions they could take if their information has been exposed. Jupin recommended contacting credit bureaus such as Equifax, Experian and TransUnion so that they can provide heightened monitoring of any financial transactions that may use your information. The district also directed the public to its online FAQ about the incident and encouraged additional questions to be sent to LexRich5SecurityIncident@lexrich5.org.
©2025 The State. Distributed by Tribune Content Agency, LLC.
