MINNEAPOLIS — Weeks after Minneapolis Public Schools first reported an "encryption" event targeted the district's systems, MPS says online "threat actors" have now released personal data that was accessed during the breach.
In an update posted on the district's website, MPS said the data was released on the "dark web, a part of the internet accessible only with special software that allows users to remain untraceable."
Among the leaked data, which dates back to 1995, is payroll and health information, union grievances, civil rights investigations and even assault complaints, according to local cybersecurity expert Ian Coldwater, whose son is also a high schooler in the district. Friday, the district denied KARE 11 Jennifer Hoff's request for an interview.
The district said it's working with other cybersecurity experts to access the leaked data to determine what additional information was released, and who was impacted. Individuals identified in the data will be contacted by MPS, the district said.
Coldwater told Hoff that the group claiming responsibility for the data breach gave the district a deadline of 3:30 a.m. on Friday, March 17 to either pay a $1 million ransom or risk having the data released.
"Generally speaking, what motivates them is money and it’s unfortunately relatively common for them to target things like school districts and hospitals," said Coldwater.
"The district has been downplaying what’s going on here for a long time," said Coldwater. "This is going to be an ongoing thing and this data could potentially affect people for a very long time."
The district first reported schools and staff were impacted by a "system incident" on Saturday, Feb. 18.
By March 1, the district confirmed that an "unauthorized threat actor" infected its network with a virus and said it had no plan to pay a ransom to the hackers, but didn't go so far as to call the incident a ransomware attack. A week later, the group responsible for the hack posted some of the MPS data online.
For weeks, MPS has urged staff and families to update their passwords for accounts that were accessed on MPS devices. Following Friday's data leak, the district is still urging people to be cautious about suspicious emails or phone calls, and to avoid downloading or sharing any data released by those responsible for the hack.
The district also said it plans to offer all potentially affected individuals free credit monitoring and identity protection services through Experian.
"I would like the district to be more transparent and communicative about what’s going on," said Coldwater. "Data breaches happen, ransomware happens, what’s important is how you respond to it."
On Twitter, Coldwater posted several links to government guidance on how to report, prevent and respond to identity theft.
They also included a link on how to put a freeze on your children's credit and utility accounts.
Coldwater also stresses that if you're a victim, it won’t necessarily happen right away, so keep checking your accounts periodically into the future.
Watch more local news:
Watch the latest local news from the Twin Cities in our YouTube playlist:
WATCH MORE ON KARE 11+
Download the free KARE 11+ app for Roku, Fire TV, and other smart TV platforms to watch more from KARE 11 anytime! The KARE 11+ app includes live streams of all of KARE 11's newscasts. You'll also find on-demand replays of newscasts; the latest from KARE 11 Investigates, Breaking the News and the Land of 10,000 Stories; exclusive programs like Verify and HeartThreads; and Minnesota sports talk from our partners at Locked On Minnesota.
- Add KARE 11+ on Roku here or by searching for KARE 11 in the Roku Channel Store.
- Add KARE 11+ on Fire TV here or by searching for KARE 11 in the Amazon App Store.
- Learn more about KARE 11+ here.