MCPS Hit by Qilin Ransomware: 305GB of Sensitive Data Stolen
Mecklenburg County Public Schools (MCPS) in North Carolina faced a significant disruption in early September due to a ransomware attack, with the Russian cybercrime group Qilin claiming responsibility. The incident, confirmed by MCPS Superintendent Scott Worner, has raised concerns about data security and preparedness in educational institutions.
The attack, which occurred in September, forced teachers to rely on traditional teaching methods such as pen, paper, and whiteboards as internet systems were down for about a week. Worner confirmed that Qilin was behind the breach and is currently assessing the extent of the damage. The group, known for its ransomware-as-a-service operations, has claimed to have stolen 305 GB of sensitive data, including financial records, grant documents, budgets, and children's medical files. MCPS, however, has no intention of paying the ransom at this time.
Qilin, which has been active since 2025, has been responsible for 103 confirmed ransomware incidents and 470 unverified ones, with educational institutions being frequent targets. The group operates by providing its malware to affiliates, who then launch attacks and share ransom proceeds. In this case, Qilin published sample images online to confirm the attack on MCPS.
The ransomware attack on MCPS serves as a stark reminder of the increasing threat of cybercrime to educational institutions. Worner urged other districts to prepare for such threats, stating, 'It's not if, it's when' an attack will occur. As of now, the identity of the cyber insurance provider for MCPS remains unknown, as such information is typically kept confidential. However, the incident highlights the importance of robust cybersecurity measures and insurance coverage in the face of evolving digital threats.
