MCPS Hit by Qilin Ransomware, 305GB of Sensitive Data Stolen
Mecklenburg County Public Schools (MCPS) has fallen victim to a ransomware attack, with the Russian cybercrime group Qilin claiming responsibility. The group alleges it stole 305 GB of sensitive data, including financial records, grant documents, budgets, and children's medical files.
Qilin, which operates as a ransomware-as-a-service network, has been active in 2025, claiming responsibility for 103 confirmed incidents and 470 unverified ones. Educational institutions have been frequent targets, with other victims including Western New Mexico University, Botetourt County Public Schools in Virginia, Fort Smith Public Schools in Arkansas, and Belmont Christian College in Australia. The attack on MCPS in early September disrupted operations, forcing teachers to rely on traditional teaching methods for about a week.
Superintendent Scott Worner confirmed the attack and stated that the school district is assessing the extent of the breach. He also mentioned that the district does not intend to pay the ransom at this time. Qilin published sample images online, claiming they were part of the stolen files. This incident is part of a growing trend, with at least 33 confirmed ransomware attacks on American schools, colleges, and universities in 2025. Education sector breaches often expose staff and students to potential identity fraud and take an average of 4.8 months to notify affected individuals.
Qilin's activities in 2025 have also targeted other notable organisations, including Nissan Motor Co. Ltd. (Japan), Data I/O Corporation (USA), Astra Otoparts/PT. Inti Ganda Perdana, DSA, 1-800Accountant, IKEA, Chanel, TransUnion, Pandora.net, Cisco, Google Adsense, Air France-KLM, Saksfifth, CarMax, Qantas Airways Limited, and TripleA. As ransomware attacks continue to pose a significant threat, educational institutions and other organisations must remain vigilant and prioritise robust cybersecurity measures.
