Cyber Incident Victim: Somerset Independent School District

Date: Feb 2021

Location: United States of America

Summary

A Texas school district experienced a ransomware attack by Avaddon threat actors, resulting in the unauthorized release of extensive student data. The attackers exfiltrated and publicly dumped over 3 GB of sensitive information, including decades of spreadsheets containing hundreds of student records per file with personal identifiers, demographic details, passwords, and health records specifically for elementary-grade students. The compromised health files disclosed named students' medical conditions across early education levels. While the threat actors claimed a "full dump" of all stolen data, the validity of this assertion remains unverified, and the district had not issued any public statements regarding potential additional impacts on staff or broader student populations at the time of reporting.

Description

In early February 2021, Avaddon threat actors targeted Somerset Independent School District in Texas, culminating in a data dump on February 8. The attackers released a compressed archive containing 1,520 files across 27 folders, which expanded to over 3 GB of uncompressed data. The exfiltrated information primarily consisted of historical student records spanning 2016 to 2020, though the district had not publicly acknowledged the incident or responded to media inquiries at the time of reporting. The threat actors designated the leak as a "full dump," implying they released all stolen data, though the veracity of this claim remained unverified. No evidence suggested Somerset ISD had detected or contained the breach prior to the data publication. The absence of official statements left the scope of compromised systems and initial attack vectors unspecified.

The leaked files included over 30 plain-text spreadsheets containing hundreds of student records per file, with fields exposing sensitive demographic and educational details such as full names, birthdates, passwords, gender, race, socioeconomic status, disability classifications, and program enrollment indicators. A separate "Health" folder contained dozens of unredacted files detailing named students' medical conditions, exclusively affecting pre-kindergarten through fourth-grade cohorts. While the data’s age reduced the immediacy of some risks, the exposure of persistent identifiers like birthdates and health information created long-term privacy vulnerabilities. The breach’s consequences included potential identity theft, discrimination, and exploitation of minors’ health data, compounded by the district’s lack of public mitigation guidance or transparency regarding affected populations beyond the published student records.
