Portland Public Schools Data Breach Affects 12,128

Portland Public Schools (PPS), Maine’s largest public school district, recently suffered a data breach impacting thousands of current and former students, staff and community members.

On or about Feb. 2, 2025, the district experienced unauthorized access to its network, later determined to be the result of a ransomware attack by the group known as RansomHub. The attackers claimed to have exfiltrated 110 GB of sensitive data and threatened to publish it on the dark web within days if their demands were not met.

After an extensive forensic investigation and document review, PPS confirmed on Jan. 6, 2026, that the breach potentially exposed personal information including full names, Social Security numbers and financial account details.

A total of 12,128 individuals were affected across the United States, with 5,183 Maine residents and 31 Massachusetts residents among those notified. The breach was disclosed to the Maine Attorney General and the Massachusetts Office of Consumer Affairs and Business Regulation on Jan. 30, 2026, and to the Vermont Attorney General on Feb. 2, 2026.

PPS began notifying impacted individuals in writing on Jan. 30, 2026.

Portland Public Schools's response

Upon discovering the breach, PPS launched a thorough investigation and engaged external cybersecurity professionals to assess and contain the incident. The district has since taken steps to enhance its network security and continues to evaluate and update its privacy practices.

The district is offering complimentary credit monitoring and identity theft protection services through Experian IdentityWorks. Affected individuals are encouraged to enroll in these services, place fraud alerts and security freezes on their credit files, and regularly review their financial account statements and credit reports for suspicious activity.

Anyone with questions or concerns can contact the district’s confidential response line at 877-841-2527, staffed with professionals familiar with the incident.

Given the ransomware nature of this attack and the sensitive information involved, it is especially important for affected individuals to take advantage of the offered credit monitoring, remain vigilant for signs of identity theft, and consider placing a security freeze on their credit reports.