Cyber Incident Victim: Logansport Community School Corp
Date:
Apr 2021
Location:
United States of America
Summary
A ransomware attack compromised an Indiana school district's network, disrupting internet and phone systems across all facilities and forcing a shift to e-learning. Following the breach, threat actors associated with the Pysa ransomware group leaked approximately 40 GB of data comprising 140 compressed archives. The dumped files primarily contained older documents with limited employee personnel information, but no critical databases such as payroll or student records were identified in the exposed material. The district engaged experts to investigate the intrusion while the attackers publicly released the data after negotiations reportedly failed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 3 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 2 actors | Available to members | Available to members |
Description
On April 11, 2021, Logansport Community School Corporation in Indiana experienced a network compromise by unidentified hackers. The intrusion disrupted internet and phone systems across all school buildings, prompting an immediate shift to e-learning operations by April 12. Local news outlet WLfi documented the operational impact, though the district did not initially disclose technical details regarding the attack vector or scope of unauthorized access. By April 27, the school corporation publicly confirmed it was investigating the breach with assistance from external cybersecurity experts, though their investigation remained ongoing as of the reporting period. The incident forced sustained reliance on remote learning modalities due to disabled critical communications infrastructure.
Pysa ransomware operators claimed responsibility for the attack, listing Logansport Community School on their data leak site by May 8, 2021. The threat actors subsequently released approximately 40 gigabytes of exfiltrated data comprising 140 compressed archives. Forensic analysis of the dumped material indicated most files were outdated documents, with limited exposure of employee personnel records. Investigators found no evidence of compromised major databases containing payroll details, student information, or other sensitive institutional datasets. Concurrently, the school’s cybersecurity team continued assessing the intrusion’s full impact while restoring affected systems. No public statements from the district addressed the data leak’s validity or confirmed whether ransom negotiations occurred. DataBreaches.net monitored for further developments but reported no additional disclosures about the incident’s resolution or long-term consequences at the time of publication.