Kept in the Dark: Inside the Providence Schools Ransomware Attack

Get stories like this delivered straight to your inbox. Sign up for The 74 Newsletter

Kept in the Dark is an in-depth investigation into more than 300 K-12 school cyberattacks over the last five years, revealing the forces that leave students, families and district staff unaware that their sensitive data was exposed. Use the search feature below to learn how cybercrimes — and subsequent data breaches — have played out in your own community. Here’s what we uncovered about a massive ransomware attack on the Providence, Rhode Island school district.

After the Providence, Rhode Island, school district fell victim to a September 2024 cyberattack by the Medusa ransomware gang, school officials said an ongoing investigation found “no evidence that any personal information for students has been impacted.” 

An investigation by The 74, including a review of stolen files captured in the 217-gigabyte leak, indicates otherwise. Sexual misconduct allegations involving both students and teachers, children’s special education records and their vaccine histories were posted online after Providence Public Schools did not pay the cybercriminals’ $1 million ransom demand. 

The district’s failure to acknowledge that students’ records had been exposed — even after being informed otherwise by The 74 — means that parents and students were likely unaware that their private affairs had entered the public domain. 

In October 2024, Providence schools notified 12,000 current and former employees that their personal information, such as their names, addresses and Social Security numbers, had been compromised. But the letter never makes mention of students’ sensitive records. 

In response to The 74’s findings in mid-October 2024, a district spokesperson didn’t acknowledge that students’ sensitive information was compromised. He said the district “has been able to confirm that some [of its] files” were accessed by an “unauthorized, third party,” and that “security consultants are going through a comprehensive review” to determine whether the leaked files contain personal information “for individuals beyond current and former staff members.” 

Meanwhile, in an unsolicited phone call to The 74, a state education department spokesperson appeared to contradict that, saying “no one had actually gone in to see the files.” 

Included in the leak is the 2024-25 Individualized Education Program for a 4-year-old boy who pre-K educators observed had “significant difficulty sustaining attention to task” and who “wandered around the classroom setting without purpose.” Another special education plan notes a 3-year-old boy “randomly roamed the room humming the tune to ‘Wheels on the Bus,’ pushed chairs and threw objects.” 

A single spreadsheet lists the names of some 20,000 students and their demographic information, including disability status, home addresses, contact information and parents’ names. Another contains information about their race and the languages spoken at home.

A “termination list” included in the breach notes the names of more than 600 district employees who were let go between 2002 and 2024, including an art teacher who “retired in lieu” of being fired and a middle school English teacher who “resigned per agreement.” Another set of documents reveals a fifth-grade teacher’s request — and denial — for workplace accommodations for obsessive compulsive disorder, anxiety and panic attacks that make her “less effective as an educator if I am not supported with the accommodations because I can not sleep at night.” 

In one leaked April 2024 email, a senior central office administrator sought a concealed handgun permit from the state attorney general, noting they “have a safe at work as well as one at home.”

Following an investigation published by The 74 and The Boston Globe in October, the district sent a letter to families acknowledging that students’ personal information, such as vaccine records and special education details, were exposed in the attack.

In response to an inquiry from The 74, a district spokesperson said in a November statement that educators remain “committed to transparency and the security of personal information.”

“During these types of incidents, districts typically start with limited information on what occurred and then gain more information over the course of the investigation,” the statement continues. “As we navigated the initial uncertainty of the situation, PPSD prioritized taking real-time action and communicating with all stakeholders as we gathered more information.”

Get stories like these delivered straight to your inbox. Sign up for The 74 Newsletter