Portland Public Schools Data Breach Affects 12,128

Portland Public Schools (PPS), Maine’s largest public school district, recently suffered a data breach impacting thousands of current and former students, staff and community members.

On or about Feb. 2, 2025, the district experienced unauthorized access to its network, later determined to be the result of a ransomware attack by the group known as RansomHub. The attackers claimed to have exfiltrated 110 GB of sensitive data and threatened to publish it on the dark web within days if their demands were not met.

After an extensive forensic investigation and document review, PPS confirmed on Jan. 6, 2026, that the breach potentially exposed personal information including full names, Social Security numbers and financial account details.

A total of 12,128 individuals were affected across the United States, with 5,183 Maine residents, 31 Massachusetts residents, and 23 New Hampshire residents among those notified. Starting on Jan. 30, 2026, the breach was disclosed to the attorneys general offices of Maine, New Hampshire, and Vermont, and the Massachusetts Office of Consumer Affairs and Business Regulation.

PPS began notifying impacted individuals in writing on Jan. 30, 2026.

Portland Public Schools's response

Upon discovering the breach, PPS launched a thorough investigation and engaged external cybersecurity professionals to assess and contain the incident. The district has since taken steps to enhance its network security and continues to evaluate and update its privacy practices.

The district is offering complimentary credit monitoring and identity theft protection services through Experian IdentityWorks. Affected individuals are encouraged to enroll in these services, place fraud alerts and security freezes on their credit files, and regularly review their financial account statements and credit reports for suspicious activity.

Anyone with questions or concerns can contact the district’s confidential response line at 877-841-2527, staffed with professionals familiar with the incident.

Given the ransomware nature of this attack and the sensitive information involved, it is especially important for affected individuals to take advantage of the offered credit monitoring, remain vigilant for signs of identity theft, and consider placing a security freeze on their credit reports.