Ransomware victim disclosure
← All victimsThe Northwestern Illinois Association
Claimed by Cicada3301 · listed 1 year ago
Status timeline
- ListedFeb 23, 2025
- Data leakeddate unknown
At a glance
- Group
- Cicada3301
- Status
- Data leaked
- Country
- United States
- Sector
- Education
- Listed on leak site
- Feb 23, 2025
- Data size
- 50 GB
About the victim
AI dossier — public-source company profileThe Northwestern Illinois Association is a special education cooperative established in the late 1960s that serves over 60 school districts across 10 counties in northwestern Illinois. The organization provides specialized services including autism support, audiology, speech therapy, occupational/physical therapy, and other educational services to students with unique needs.
- Industry
- Special Education Cooperative Services
- Address
- Sycamore, IL
- Founded
- 1968
Attack summary
Severity: high — Educational cooperative managing sensitive student records and special needs data for 60+ school districts. Exfiltration of 50 GB of educational data involving minors with special needs constitutes high-risk PII exposure, though no specific regulated data categories are explicitly confirmed in the post.Cicada3301 claims to have exfiltrated 50 GB of data from the organization. The group has published the data but provided no details about specific data types or operational disruption.
Data the group says was taken
AI dossier — extracted from the leak post- Student records
- Educational assessments
- Staff information
- District partnership data
- Administrative documents
What the group claims
Status: 29d 22h 48m 30s - Size Data: 50 GB
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

