Manassas Park City Schools notified the community recently it was the victim of a data breach that could have exposed personal information.
The school division became aware of the data incident on June 13, at which time an investigation began.
“To date, our investigation revealed that malicious actors gained access to MPCS’s network on or about June 12, 2025, and deployed ransomware to encrypt portions of the network,” Superintendent Melissa Saunders’ statement read.
The “malicious actors’” network access was terminated as soon as it was detected, officials said. While there is no definitive evidence that personal information was accessed, the division is providing notice out of caution.
“To date, we have not received any indication that your information was misused by an unauthorized individual,” the statement said.
What information was involved? The division said it’s possible full names or first initial and last name, combined with Social Security numbers, passport numbers or financial account information may have been seen or accessed.
Upon discovering the breach, IT experts were engaged and began an investigation. The school division also reported the incident to the FBI’s Cyber Division and the Virginia Fusion Center.
“While the investigation remains ongoing, we are taking steps now to implement additional safeguards and review policies and procedures relating to data privacy and security,” Saunders’ statement said.
The division hired a strategic service provider to monitor its cybersecurity systems, reviewed its system’s architecture and implemented stronger policies to prevent future attacks, Saunders said.
The division is encouraging community members to review account statements and monitor credit reports for suspicious activity.
