Minneapolis Public Schools Faces Data Leak Following Ransomware Attack


Minneapolis Public Schools recently fell victim to a ransomware attack, resulting in the unauthorized release of sensitive student information on the internet. The perpetrators, a group specializing in file encrypting ransomware, have taken to dumping files online, exposing details such as cases of sexual assault, abusive parent records, psychic treatment data, and instances of truancy (unjustified absenteeism).

In response to the data leak, a distressed student pleaded with school authorities to take immediate action. The public disclosure of deeply personal information, including incidents like bedwetting and sleep crying, has caused immense distress and sleepless nights for the victims, as their friends and peers now have access to this information, leading to potential public humiliation.

The breach occurred in March of this year when hackers targeted Minneapolis Public Schools, compromising the data of approximately 36,000 students. The school administration refused to pay the demanded ransom of $1 million, prompting the hackers to release around 300,000 files onto the internet. These files have since been circulated on social media platforms like Telegram, attracting attention from smaller hackers seeking monetary gain.

Reports indicate that similar cyberattacks have occurred in other school districts earlier this year, raising concerns among students in San Diego, Des Moines, Tucson, and Arizona regarding the security of their personal information stored on school servers.

According to a study conducted by Recorded Future, ransomware gangs stole nearly 5 million student records in the United States during 2021. This alarming figure underscores the escalating threat posed by ransomware attacks, making it imperative for educational institutions to take proactive measures to protect their student and staff data from malware infiltration.

To enhance cybersecurity, schools are being strongly advised to implement various preventive measures. These include securing online assets through indemnification and limiting access, ensuring up-to-date software installations, exercising caution when handling emails and messages containing links, accessing only secure websites, promoting basic cyber hygiene practices among employees, storing data backups separately, deploying tools that block malicious domains and provide alerts, and regularly reviewing and enhancing cybersecurity protocols.

By prioritizing robust security measures, educational institutions can effectively safeguard sensitive student information, thwarting the escalating threat of ransomware attacks and preserving the privacy and well-being of their students and staff.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display