Hackers release Minneapolis Public Schools data to dark web

Last week, Minneapolis Public Schools (MPS) announced that data from students, staff and community was illegally taken from its servers in what it calls an ‘encryption event,’ and that the information has been leaked on the dark web. The compromised MPS data is now accessible on the dark web—a group of internet sites that are only accessible using a specialized web browser—designed to keep internet activity anonymous and perpetuate cybercrimes.

The encryption virus that gathered the data was installed on MPS servers in February by Medusa, a ransomware group. Medusa demanded a $1 million ransom to not release the stolen data, which includes sensitive information dating back as far as 1995. Since MPS did not pay the ransom, the data was released online on March 17.

“We are working with cybersecurity specialists to quickly and securely download the data so that we can conduct an in-depth and comprehensive review to determine the full scope of what personal information was impacted and to whom the information relates,” MPS said in an update on its website. “This will take some time. You will be contacted directly by MPS if our review indicates that your personal information has been impacted.”

Related Story: Mpls Public Schools data seized for ransom

MPS has asked the community to exercise caution when interacting with suspicious communications, to change the passwords of any accounts used on an MPS device, and to not download or share the data released in the leak, as “this plays into the cybercriminals’ hands by drawing attention to the information and increasing our community’s fear and panic.”

Local cybersecurity expert and professional hacker Ian Coldwater says people who are potentially affected by the hack should not panic but should “know and prepare.”

Coldwater, who has looked through the leaked data, says students, staff, parents, school bus drivers, and vendors may have had their data compromised. Coldwater recommends that anyone in these groups should assume that their data has been breached. 

Coldwater’s suggestion for anyone whose data may have been breached is to use a password manager to create a new strong and unique password for any account that has recently been used within the MPS network. They also recommend freezing credit if anything looks suspicious on a credit report. 

“Keep an eye on your accounts, like your financial accounts and statements, for anything weird,” Coldwater said. “If you get any fraudulent charges, if you have people trying to sign into your account as you, trying to change your password, if you see anything weird, make sure to act on that right away.”

As many older parents and staff may not be active on social media, Coldwater encourages community members to talk to family and friends who may not know about the leak so that they can take action.

MPS has pledged to provide free credit monitoring and identity-theft protection services for anyone whose personal information was accessed.