Ransomware victim disclosure
← All victimsThe North Stonington School District
Claimed by Interlock · listed 9 months ago
Status timeline
- ListedOct 15, 2025
- Data leakeddate unknown
At a glance
- Group
- Interlock
- Status
- Data leaked
- Country
- United States
- Sector
- Education
- Listed on leak site
- Oct 15, 2025
- Data size
- 3 TB
About the victim
AI dossier — public-source company profileNorth Stonington Public Schools is a small K-12 public school district located in North Stonington, Connecticut, serving approximately 736 students across two public schools. The district is operated under the domain northstonington.k12.ct.us and focuses on providing a safe learning environment for its students and community.
- Industry
- K-12 Public Education
- Address
- North Stonington, Connecticut, United States
Attack summary
Severity: critical — 3 TB of data confirmed exfiltrated and published, involving PII of minors (students) including full historical records from a K-12 public school district — a regulated category under FERPA covering a vulnerable population.The Interlock ransomware group claims to have exfiltrated over 3 TB of confidential data from North Stonington Public Schools, asserting they now possess all student data including complete historical records and documentation.
Data the group says was taken
AI dossier — extracted from the leak post- Student personal records
- Student academic history
- Student documentation
- Confidential district data
What the group claims
North Stonington Public Schools have two public schools and 736 students, strives to create a safe environment for themselves, their school, and their students. However, their "Safety First" slogan has recently changed! Despite having extensive resources and support, North Stonington Public Schools has a very poor IT security team that is doing a poor job! With our help, over 3 TB of confidential data was exposed, meaning all student data, including the entire history and documentation, is now in our hands!
Sources
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

