The Minneapolis Public Schools (MPS) suffered a data breach and notified parents that the information stolen by hackers was released on the dark web, where users are untraceable.
The hackers obtained payroll information, protected health information, home addresses, phone numbers, disciplinary records, student records, and pictures of students and staff. In addition, safety plans, union grievances, misconduct complaints and civil rights investigations were also acquired by the hackers.
MPS has contacted cybersecurity specialists to download the data securely to perform an in-depth comprehensive review and determine the full scope of what personal information was impacted. MPS administrators have declined requests for an interview and chose not to answer questions sent via email.
Cybersecurity experts advise anyone associated with MPS – current and former students, parents, staff, and vendors – to assume they have been compromised until they have been told otherwise and to take action to protect themselves. In addition, anyone who accessed MPS devices from personal accounts was directed to change those account passwords.
The district announced that it would provide all potentially affected individuals with free credit monitoring and identity protection services through Experian.
Mark Lanterman, a former member of the US Secret Service Electronic Crimes Task Force, advised individuals to change all passwords, monitor statements and bank and credit cards, and put a freeze on credit reports.
He explains that hackers are in business to make money, and one of the best ways to prevent being a victim is to make sure they can’t take out loans or lines of credit in one’s name. Ian Coldwater, a professional hacker, recommends parents, staff, and students not to panic, but take the threat seriously.
He suggests that individuals change passwords of all accounts accessed through district-owned devices, freeze credit, watch accounts closely, and use multi-factor authentication.
This is the latest in a string of cyber attacks on schools and universities. State officials reported that schools and universities were targeted in at least 78 cyber attacks in 2022, in addition to 111 counties and 39 municipalities.
The international Falls School District was targeted in September 2022, just one week into the school year.
Medusa, the group that claimed responsibility for the attack on MPS, released a video setting the ransom at $1 million. The MPS administrators stated that they have taken a stance against the criminals and have fully restored the system without the need to cooperate with the criminal.
