Image: Giulia Squillace via Unsplash+
Image: Giulia Squillace via Unsplash+

Minneapolis school district says data breach affected more than 100,000 people

Minneapolis Public Schools has begun notifying more than 100,000 people that their personal information may have been leaked after a cyberattack early this year.

The school system started sending letters late last week, according to local media reports, and on Tuesday a notice posted on Maine’s data breach notification site said that 105,617 people were affected.

The Medusa ransomware group claimed the attack on March 7, demanding $1 million to decrypt MPS systems. The school district did not pay up. Ten days later the gang leaked data — including what appeared to be highly sensitive student files — and it posted a 51-minute video that included screenshots of the allegedly stolen information.

In its notification letter, the school district said it would have informed victims earlier, but it needed time for a “comprehensive review” to determine “whether sensitive information was present” in the leak.

“This process was time-intensive and required both computer- assisted and manual review,” the letter said. “This process was completed on July 24, 2023. Although it has been difficult to not share more information with you sooner, the accuracy and the integrity of the review were essential.”

The Associated Press had reported in early July that students and families were frustrated with the lack of formal notification from the district. The Daily Dot reported Tuesday that families have emailed administrators about various examples of fraud and other abuses that seemed to stem from the data breach.

The breach began February 6 and continued until at least February 18, when MPS said it became aware of the “suspicious activity” and notified law enforcement. The district said a “preliminary review” had been completed on March 22, and on April 7 it “sent notice to a limited number of known impacted individuals.”

MPS said it is providing 24 months of credit monitoring and identity theft restoration services. It also has created a dedicated phone line for victims of the incident.

“As part of MPS’s ongoing commitment to the security of information, our policies and procedures regarding information security are being reviewed and enhanced, additional safeguards have been implemented, and additional training is being conducted to reduce the likelihood of a similar event in the future,” the letter said.

The incident, which MPS initially called an “encryption event,” disrupted systems for about a week in late February.

2023_0810 - Ransomware Tracker - Reported Ransomware Attacks on School Districts.jpg

Since then, it’s been a tough year for school districts around the country as ransomware groups continue to target exposed systems. Recent victims include districts in Pennsylvania and Maryland. Another set of Minnesota schools — in the city of Rochester — faced a cyberattack not long after the Minneapolis incident.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Joe Warminsky

Joe Warminsky

is the news editor for Recorded Future News. He has more than 25 years experience as an editor and writer in the Washington, D.C., area. Most recently he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.