The Fowler Elementary School District, located in Phoenix, Arizona, has reportedly fallen victim to a cyberattack involving what may be a substantial volume of sensitive data. The incident was claimed by the Interlock ransomware group, which published its announcement on May 3, 2025, through a post on its blog hosted within the Tor network. According to the cybercriminals’ own statement, the operation allegedly led to the exfiltration of approximately 400 gigabytes of data, which they claim includes highly confidential information related to students, employees, and administrative personnel.
Established in 1895, the Fowler Elementary School District is one of the oldest public school systems in the Phoenix metropolitan area. It currently operates seven public schools, serving students from kindergarten through eighth grade, with a total enrollment of approximately 4,000 students and over 400 employees. Recognized for its commitment to educational equity, inclusiveness, and strong school-family-community partnerships, FESD is a foundational institution within its local context. For this reason, the impact of the alleged cyberattack could be particularly severe—not only due to the possible scope of the breach, but also because it risks undermining the trust placed in the district by its community.
The attackers claim to have accessed a wide range of personally identifiable and sensitive information. According to Interlock, this includes full names of students and staff, dates of birth, residential addresses, Social Security Numbers (SSNs), medical records, insurance information, payroll data, administrative documents, student ID numbers, and guardian names. If verified, the exposure of such data would represent a significant threat to the privacy and security of those potentially affected.
In its blog post, the Interlock group published six images as so-called “proof of leak,” allegedly displaying samples of the compromised files. These documents appear to be consistent with the group’s narrative, though their authenticity has not been independently confirmed. The group also released a text file listing the full directory structure of what it claims to have extracted—over 60,000 lines in total—suggesting a large volume of files may be involved.
Given the seriousness of the claims, SuspectFile.com contacted senior district officials to request an official statement. Emails were sent to the Board President, the Board Clerk, and a Board Member. As of the time of publication, no response has been received. Additionally, no public communication addressing the incident has appeared on the district’s official website, raising uncertainty about how the situation is being handled.
Without an official account of what occurred, it remains unclear what measures—if any—have been implemented to mitigate the damage. A significant risk now looms that the claimed data could be sold or publicly released if a ransom is not paid, though no ransom demand has been disclosed so far.
This case highlights a broader pattern in which U.S. school districts appear increasingly vulnerable to ransomware threats. Factors such as underfunded IT departments, outdated infrastructure, and limited cybersecurity readiness may be contributing to this trend. The potential consequences for students and staff—especially when minors are involved—range from identity theft and medical data exposure to fraud or extortion attempts.
SuspectFile.com will continue to monitor the situation and provide updates as new information becomes available.