Colegio María Inmaculada (CMI) Listed by medusalocker Ransomware Group
Catholic school in Moravia, Costa Rica. Domain cmi.local / mariainmaculada.ed.cr. Servers: CMI-DC01, CMI-APP, CMI-HTTP2, main-server1/2.
On May 5, 2026, the MedusaLocker ransomware group added Colegio María Inmaculada, a Catholic school in Moravia, Costa Rica, to its public leak site, confirming that internal files had been exfiltrated from the school’s servers.
Confirmed Facts from Reporting
Public reporting indicates the school’s internal domain is cmi.local and its public domain is mariainmaculada.ed.cr. The compromised systems include servers named CMI-DC01, CMI-APP, CMI-HTTP2, and main-server1/2. Available reporting describes the data as internal files exfiltrated during a ransomware attack; the exact number of people affected remains unknown. The listing appeared on the MedusaLocker leak site, hosted on an onion address and tracked by ransomware.live.
Why This Matters for You and Your Family
When a school is hit, the information exposed often includes details about students, parents, staff, and alumni. Names, addresses, dates of birth, contact information, and sometimes family financial or medical notes can appear in internal spreadsheets or documents. If your child attends or attended Colegio María Inmaculada, or if you work there, your family’s personal information may now sit on a dark-web leak site. Once that data is public, it rarely disappears on its own.
Credential leaks from one organization frequently cascade into other accounts. A reused password taken from a school system can open the door to email, banking, or social-media profiles belonging to you or your children.
The Doxxing and Identity-Chain Implications
Ransomware groups do not always publish everything at once. They may release small samples first, then demand payment to prevent full disclosure. Even partial leaks can give attackers enough threads to map your online handles to your real identity. A parent’s email linked to a child’s gaming username, for example, can lead to doxxing that follows the family across platforms. Gaming accounts are especially vulnerable because children often reuse simple passwords and share devices at home. The same breach that exposes school records can therefore become the starting point for account takeovers that affect your entire household.
MedusaLocker’s Publicly Known Track Record
Public reporting attributes MedusaLocker with emerging in late 2019. The group has targeted hospitals, schools, municipalities, and small businesses worldwide. Its typical playbook involves gaining initial access through vulnerable remote desktop protocol connections or phishing, exfiltrating data before encrypting systems, and then publishing samples on a leak site if the victim does not pay. Extortion demands are usually accompanied by countdown timers, after which additional data is released in batches.
What to do
- Run a DoxxScan to map every link between your emails, phone numbers, usernames, and real identity so you can see exactly what this breach connects to.
- Rotate any password you used at mariainmaculada.ed.cr or the school’s internal systems, and enable 2FA through an authenticator app everywhere that password was reused.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next leak exposing you or your family is caught in hours rather than months.
- Cover the household with DoxxScan family protection, which extends to dependents and children’s gaming accounts that often chain back to the same address or parent email.
- Let remediation specialists handle takedown requests and broker removals for you while you focus on securing accounts at home.
The incident at Colegio María Inmaculada shows how quickly a single organization’s breach can ripple into your daily life. Taking concrete steps now limits how far attackers can travel down the identity chain. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts. Start your DoxxScan trial today to close the gaps this leak has opened.
Related breaches
Forces Listed by medusalocker Ransomware Group
Organization with 28 emails extracted. Domain: ***.gc.ca…
Mount Royal University Listed by cmdorganization Ransomware Group
The university was established in 1910. Mount Royal University is a public university in Calgary, Ca…
Richmont Graduate University Listed by AiLock Ransomware Group
Richmont Graduate University is a Christian graduate institution offering master's programs in couns…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →