September 29, 2023

Minneapolis Public Schools has begun notifying more than 100,000 people that their personal information may have been leaked after a cyberattack early this year.

The school system began sending letters late last week, according to local media reports, and on Tuesday a notice posted on Maine’s data breach notification site said that 105,617 people were affected.

The Medusa ransomware group claimed the attack on March 7, demanding $1 million to decrypt MPS systems. The school district didn’t pay up. Ten days later the gang leaked data — including what appeared to be highly sensitive student files — and it posted a 51-minute video that included screenshots of the allegedly stolen information.

In its notification letter, the school district said it would have informed victims earlier, but it needed time for a “comprehensive review” to determine “whether sensitive information was present” in the leak.

“This process was time-intensive and required both computer-assisted and manual review,” the letter said. “This process was completed on July 24, 2023. Although it has been difficult to not share more information with you sooner, the accuracy and the integrity of the review were important.”

The Associated Press had reported in early July that students and families were frustrated with the lack of formal notification from the district. The Daily Dot reported Tuesday that families have emailed administrators about numerous examples of fraud and other abuses that appeared to stem from the data breach.

The breach began February 6 and continued until at least February 18, when MPS said it became aware of the “suspicious activity” and notified law enforcement. The district said a “preliminary review” had been completed on March 22, and on April 7 it “sent notice to a limited number of known impacted individuals.”

MPS said it’s providing 24 months of credit monitoring and identity theft restoration services. It also has created a dedicated phone line for victims of the incident.

“As part of MPS’s ongoing commitment to the security of information, our policies and procedures regarding information security are being reviewed and enhanced, additional safeguards have been implemented, and additional training is being conducted to reduce the likelihood of a similar event in the future,” the letter said.

The incident, which MPS initially called an “encryption event,” disrupted systems for about a week in late February.

Since then, it’s been a difficult year for school districts around the country as ransomware groups continue to target exposed systems. Recent victims include districts in Pennsylvania and Maryland. Another set of Minnesota schools — in the city of Rochester — faced a cyberattack not long after the Minneapolis incident.

Joe Warminsky

Joe Warminsky is the news editor for Recorded Future News. He has more than 25 years experience as an editor and writer in the Washington, D.C., area. Most recently he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.