Last week, Minneapolis Public Schools (MPS) announced that data from students, staff and community was illegally taken from its servers in what it calls an ‘encryption event,’ and that the knowledge has been leaked on the Dark Web. The compromised MPS data is now accessible on the dark web—a gaggle of websites which are only accessible using a specialized web browser—designed to maintain web activity anonymous and perpetuate cybercrimes.
The encryption virus that gathered the info was installed on MPS servers in February by Medusa, a ransomware group. Medusa demanded a $1 million ransom to not release the stolen data, which incorporates sensitive information dating back so far as 1995. Since MPS didn’t pay the ransom, the info was released online on March 17.
“We’re working with cybersecurity specialists to quickly and securely download the info in order that we are able to conduct an in-depth and comprehensive review to find out the total scope of what personal information was impacted and to whom the knowledge relates,” MPS said in an update on its website. “This can take a while. You shall be contacted directly by MPS if our review indicates that your personal information has been impacted.”
MPS has asked the community to exercise caution when interacting with suspicious communications, to alter the passwords of any accounts used on an MPS device, and to not download or share the info released within the leak, as “this plays into the cybercriminals’ hands by drawing attention to the knowledge and increasing our community’s fear and panic.”
Local cybersecurity expert and skilled hacker Ian Coldwater says people who find themselves potentially affected by the hack mustn’t panic but should “know and prepare.”
Coldwater, who has looked through the leaked data, says students, staff, parents, school bus drivers, and vendors can have had their data compromised. Coldwater recommends that anyone in these groups should assume that their data has been breached.
Coldwater’s suggestion for anyone whose data can have been breached is to make use of a password manager to create a brand new strong and unique password for any account that has recently been used inside the MPS network. Additionally they recommend freezing credit if anything looks suspicious on a credit report.
“Keep watch over your accounts, like your financial accounts and statements, for anything weird,” Coldwater said. “When you get any fraudulent charges, if you will have people attempting to sign into your account as you, trying to alter your password, in the event you see anything weird, make sure that to act on that immediately.”
As many older parents and staff might not be lively on social media, Coldwater encourages community members to talk over with family and friends who may not know in regards to the leak in order that they will take motion.
MPS has pledged to offer free credit monitoring and identity-theft protection services for anyone whose personal information was accessed.