The Minneapolis Public School (MPS) District recently suffered a ransomware attack, and highly sensitive information about students and teachers was subsequently published on the web. The Medusa hacking group, who attempted to blackmail MPS, not only encrypted the school district’s data but also exfiltrated their own copy of it which was ultimately published on the internet. Approximately 100 GB of what claimed to be data from the MPS District was published on the public internet, alongside a video summary showing some of the contents. The leaked data contained highly sensitive information about children with special needs, reports of abuse, and allegations of sexual abuse involving named individuals and a teacher said to have had romantic relationships with students. The situation is made worse by the fact that data stolen by the Medusa hacking group has not taken the conventional course of being published on a dark web leak site, but instead on a conventional website that does not need a specialist tool like Tor to access it.
MPS says that it is attempting to have the leaked data removed from these public webpages, but for now, they’re still available. The Medusa group is revelling in the chaos it is causing, and feels no guilt about the impact it has on vulnerable, innocent young people. While some ransomware gangs have sometimes apologised and even occasionally offered free decryption tools after hacking schools, it’s clear that there are many other criminal groups who have no qualms about the harm their attacks can cause.
This incident highlights the importance of having robust cybersecurity measures in place to protect sensitive information. It’s crucial that schools and other organisations take cybersecurity seriously and invest in appropriate security measures. Additionally, it’s essential to have data backup and recovery plans in place in case of a security breach. It’s also important to ensure that staff and students are aware of the risks of cybercrime and are trained in how to protect themselves and their data.
The MPS District incident also highlights the need for stronger laws and regulations around data protection and cybersecurity. The leaking of sensitive information about vulnerable children is a serious breach of privacy and could have severe consequences for those affected. Governments need to take action to ensure that organisations are held accountable for protecting sensitive data and that appropriate penalties are in place for those who fail to do so.
In conclusion, the MPS District ransomware attack and subsequent data leak highlights the serious consequences of cybercrime, particularly in the education sector. Schools and other organisations must take cybersecurity seriously and invest in appropriate measures to protect sensitive information. Governments must also take action to ensure that organisations are held accountable for protecting data and that appropriate penalties are in place for those who fail to do so.