-
Bad actors attacked a high school in Berchem (Belgium), billing the school €15,000 (18,000 USD approximately) for ransom.
-
The school refused to pay them off, the attackers sent ransom emails to parents demanding €50 per child.
-
The attackers have claimed to have obtained seven years’ worth of sensitive data (e.g., students’ health records, identification cards, and financial data).
The OLV Pulhof (Onze-Lieve-Vrouwinstituut) school in Grotesteenweg, Berchem, just became a victim of a brazenly audacious attack. The bad actors behind this incident have taken it off the grid as they directly target the parents of students of OLV Pulhof.
In the first week of January, after schools resumed following the Christmas break, hackers breached OLV Pulhof in a ransomware attack, affecting multiple systems, including all computer servers used for operations such as finance, payroll, and health care.
This attack on a Belgian school follows a disturbing international trend of cybercriminals targeting education, including a recent claim by a ransomware group to have stolen 650GB of data from South Korea’s Inha University.
The hackers stole sensitive data about all of the students (NAME, DOB, etc.), but what began as a “ransomware attack” directed at OLV Pulhof as an educational institution turned out to be much more nefarious.
From School Demands to Parent Extortion
The hackers first approached school administrators with a straightforward demand. Pay €15,000 (almost 18,000 USD), or we release everything we stole. School officials refused to negotiate. They immediately filed a police complaint instead. That’s when the criminals changed tactics.
This week, threatening emails started landing in parents’ inboxes. The new demand? Pay €50 (almost 60 USD) per child, or your family’s private information goes public.
Screenshots of these ransom messages have been making the rounds among worried parents. The emails are specific and threatening. “We hacked into OLV Pulhof,” the message declares, boasting about access to systems containing data spanning from 2018 to 2025.
The criminals claim they’ve stolen everything. Confidential student information, parental data, ID cards, health records, mental health data, financial details, salary information, diplomas—the works.
The ultimatum targets parents in a calculated and cruel way. “Parents: you either convince Pulhof to pay, or you, as a parent, pay us €50 per child,” the email reads. Only you, as a parent, can prevent your child’s data from being published or sold on the dark web.
Students understandably feel frightened. One student shared their experience with reporters, explaining the fear gripping the school community. “We had to change all our passwords at school, or they would release our addresses or photos. The school also informed us that we cannot press any buttons or make any payments. My dad also got an email last night. That scares me a bit.”
School Response and Investigation
Instructions given to parents by school administrators have been direct and explicit. Parents must not remit the ransom nor click on any links in the emails received by the unknown threat group.
The school involved the Police Regional Computer Crime Unit upon noticing the breach, and they responded promptly. Thanks to this incident, the school is actively erecting a new, secure network environment to protect students.
At the same time, classes are running smoothly, even though the school authority hasn’t publicly shared the scale of the breach. While the Federal Judicial Police investigates the incident, authorities have not yet identified the perpetrators.
Educational Institutions Targeted – Coincidence or Tailored
The OLV Pulhof attack hints at a key change in how internet criminals operate. Hackers pose a high risk of compromising schools and their communities. This tactical shift exploits a broader strategic vulnerability: as warned by organizations like UNICEF, digital platforms globally are failing to prevent the spread of material that harms children, making any stolen data a potent weapon. Bad actors are using the credentials of children as bait to raise their demands for ransom.
Security experts keep discouraging ransom payment because it only fuels future attacks. There’s also no assurance that the bad actor will erase the hijack data after receiving the money.
This is a double-extortion crime. As such, parents and students must stay eye-peeled and report sketchy messages to the right authorities without hesitation.
