Rhysida ransomware group claims major data theft from Forrest City School District
The Rhysida ransomware group has demanded more than £325,000 from Forrest City School District in exchange for not leaking the sensitive personal information it stole from the school’s systems in December.
Located in Forrest City, Arkansas, Forrest City School District consists of three elementary schools, one middle school, one high school, one pre-kindergarten school, and one alternative school. The school district serves more than 2,100 pupils, 73% of whom come from economically disadvantaged families.
In a social media post in December, the school district said that it identified suspicious activity in its internal network and carried out an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.
The school district’s I.T. Department also took assistance from the Arkansas Division of Information Systems to determine the impact to staff and students. FCSD said it took the affected systems offline as a precaution and temporarily suspended internet service across all schools as officials worked to restore the services.
While the school district did not share details on who was responsible for the data security incident or how the threat actors infiltrated its network, the Rhysida ransomware group recently claimed responsibility for the cyber attack on FCSD and listed it as a victim on its data leak site.
🚨 RHYSIDA Ransomware Alert 🚨
— FalconFeeds.io (@FalconFeedsio) March 28, 2025
Forrest City School District 🇺🇸
📢 Forrest City School District is a school district headquartered in Forrest City, Arkansas, has fallen victim to RHYSIDA ransomware.
🔍 Key Details:
🛡 Threat Actor: RHYSIDA
📅Published date : 28-03-2025
NB:… pic.twitter.com/BSYFjU5lBM
The group claimed to be in possession of sensitive personal information stolen from FCSD and gave the school district a deadline of a week to pay a ransom of 5 Bitcoin, or £329,360 at the time of publishing, threatening to leak the stolen data if the deadline wasn’t met.
To prove the authenticity of its claims, Rhysida shared samples of the stolen documents that included student transcripts, internal memos, and financial documents. FCSD has not verified the hacker group’s claims nor has it shared details on whether it paid a ransom to regain access to the stolen data.
Related Articles
Most Viewed
New rules, rising threats: why lean IT teams must rethink cyber-securitySponsored by CORO CYBER SECURITY
Don’t allow AI experiments to become quiet business risksSponsored by alice.io
The Expert View: Reducing cyber-risk across OT and critical infrastructureSponsored by Claroty
The Expert View: Transforming security through risk intelligenceSponsored by Obrela
Winston House, 3rd Floor, Units 306-309, 2-4 Dollis Park, London, N3 1HF
23-29 Hendon Lane, London, N3 1RT
020 8349 4363
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543