Ransomware victim disclosure

School Facility Consultants

Claimed by Abyss · listed 2 days ago

1.3TB uncompressed

Data size

$50

Ransom

demanded

Age

since listed · listed for ransom

Status timeline

Listed
Jun 2, 2026

Current state: Listed for ransom

At a glance

Group: Abyss
Status: Listed for ransom
Country: US
Sector: Education
Listed on leak site: Jun 2, 2026
Data size: 1.3TB uncompressed
Ransom demanded: $50

About the victim

AI dossier — public-source company profile

School Facility Consultants (SFC) is a full-service company providing expert guidance in school facility planning and funding for School Districts, County Offices of Education, and Charter Schools across California.

Industry: Educational Consulting & School Facility Planning

Attack summary

Severity: medium — Large data volume (1.3 TB) from education sector with likely PII exposure, but no proof files currently published and passwords not yet released. Exfiltration is claimed but not yet verifiable.

Abyss claims to have exfiltrated 1.3 TB of uncompressed data from SFC. The group indicates passwords and data will be published later, but has not yet released proof files or accessible download links.

medium

Data the group says was taken

AI dossier — extracted from the leak post

School facility planning documents
Educational institution records
Funding and financial data
Potentially student or staff information

What the group claims

School Facility Consultants (SFC) is a full-service company that provides expert guidance in school facility planning and funding for School Districts, County Offices of Education, and Charter Schools across California.

The leak post

captured from the group's site

```
let data = [
{
        'title' : 'School Facility Consultants',
        'short' : 's-f-c.org 1.3Tb uncompressed data',
        'full' : 'School Facility Consultants <br>' +
                 'School Facility Consultants (SFC) is a full-service company that provides expert guidance in school facility planning and funding for School Districts, County Offices of Education, and Charter Schools across California.<br>'+
            'password and data will be published later <br>'+
            'Link â„–1 Filelist',
        'links' : [

        ]
},
{
        'title' : 'landkreis-limburg-weilburg.de',
        'short' : 'landkreis-limburg-weilburg.de 132Gb uncompressed data',
        'full' : 'Kreisvolkshochschule Limburg-Weilburg e.V. <br>' +
                 'The district administration of Limburg-Weilburg County in the state of Hesse, Germany. The organization performs local government functions and is responsible for a wide range of public services for the district\'s residents.<br>'+
            'password and data will be published later <br>'+
            'Link â„–1 Filelist',
        'links' : [

        ]
},
{
        'title' : 'technic.com',
        'short' : 'technic.com ',
   …

Screenshot of the leak post

Leak screenshot for School Facility Consultants

Sources

Victim sites-f-c.org
Leak posthttp://3ev4metjirohtdpshsqlkrqcmxq6zu3d7obrdhglpy5jpbr7whmlfgqd.onion/static/data.js

Source

Indexed 2 days ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

Is this your supplier? Your competitor? You?

Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

Disclosure context

About Abyss

Abyss is a relatively new ransomware group that emerged in March 2023, operating with primarily financial motivations and targeting organizations across multiple sectors with a focus on English-speaking countries. The group's origin and affiliations remain largely undocumented by major security agencies, though their targeting patterns suggest they operate independently rather than as a Ransomware-as-a-Service model. Their attack methodology and specific tools have not been extensively documented by major threat intelligence firms, though their victim profile of 87 organizations indicates they employ effective initial access techniques to compromise business services, technology, healthcare, and agriculture sectors. The group demonstrates a clear geographic preference for targets in the United States, United Kingdom, Canada, Switzerland, and Hong Kong, suggesting either language preferences or specific regional access capabilities. Due to the group's recent emergence and relatively limited public documentation from established security researchers, detailed information about notable campaigns, encryption methods, or law enforcement actions remains scarce. Abyss appears to remain active as of current reporting, though the lack of extensive public analysis by major threat intelligence organizations suggests they may operate at a smaller scale compared to more prominent ransomware families. The group has been linked to 102 public disclosures across our corpus. First observed on a leak site on March 21, 2023; most recent post June 3, 2026. The operation is currently active.

Timeline of this disclosure

June 2, 2026School Facility Consultants listed by Abysson the group's public leak site

Data size: 1.3TB uncompressed
Ransom demanded: $50

Other recent disclosures by Abyss

Abyss has been linked to 102 public victims on Darkfield. A sample of the most recent: