Ransomware victim disclosure
← All victimsNorth Stonington Public Schools
listed as North Stonington Elementary School · Claimed by Interlock · listed 9 months ago
Status timeline
- ListedOct 13, 2025
- Data leakeddate unknown
At a glance
- Group
- Interlock
- Status
- Data leaked
- Country
- United States
- Sector
- Education
- Listed on leak site
- Oct 13, 2025
- Data size
- 3 TB
About the victim
AI dossier — public-source company profileNorth Stonington Public Schools is a small public school district located in North Stonington, Connecticut, USA. It operates two public schools serving approximately 736 students. The district aims to provide a safe and supportive learning environment for its student population.
- Industry
- K-12 Public Education
- Address
- North Stonington, Connecticut, United States
Attack summary
Severity: critical — 3 TB of confirmed exfiltrated data from a K-12 school district explicitly includes all student PII and complete historical records — minors' regulated data at scale constitutes a critical disclosure under FERPA and state privacy laws.The Interlock ransomware group claims to have exfiltrated over 3 TB of confidential data from North Stonington Public Schools, stating that all student data including complete historical records and documentation is now in their possession.
Data the group says was taken
AI dossier — extracted from the leak post- Student personal records
- Student academic history
- Student documentation
- School administrative data
What the group claims
North Stonington Public Schools have two public schools and 736 students, strives to create a safe environment for themselves, their school, and their students. However, their "Safety First" slogan has recently changed! Despite having extensive resources and support, North Stonington Public Schools has a very poor IT security team that is doing a poor job! With our help, over 3 TB of confidential data was exposed, meaning all student data, including the entire history and documentation, is now in our hands!
Sources
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

