.png)
A class-action lawsuit has been filed against School District Five of Lexington & Richland Counties in South Carolina, alleging that the district failed to protect sensitive student and staff data following a ransomware attack in June 2025. The breach is reported to have exposed personal information for more than 31,000 individuals, including students, parents, alumni, and employees.
The suit, filed September 22, 2025, claims that the district was negligent, delayed notification of the breach and lacked industry-standard cybersecurity protections—violating South Carolina data-breach notification laws and other legal duties. The incident began when the district discovered unusual network activity on June 3, 2025. A forensic review later confirmed unauthorized access and data theft from district servers, including names, dates of birth, Social Security numbers, and internal financial records.
Legal claims brought by the plaintiffs include negligence, breach of fiduciary duty, invasion of privacy (public disclosure of private facts), and requests for declaratory and injunctive relief to mandate improved security practices. Plaintiffs are also seeking compensatory damages for financial loss and emotional distress, identity-protection programs, independent forensic oversight, and recovery of attorney’s fees and costs under state statutes.
While the district eventually notified impacted individuals and offered limited credit-monitoring services, the lawsuit argues that the notification process was delayed and incomplete, leaving many families uncertain about the full scope of their exposure.
This case is being viewed as one of the most significant education-related data-breaches in South Carolina’s Midlands region. As litigation moves forward, it could set precedents for how school systems are held accountable for cybersecurity failures and how affected individuals receive restitution and protections.
.png)
.png)
.png)
.png)
.png)