St. Paul Public Schools notifies families of data breach from February

Data breach at SPPS

Data breach at SPPS

St. Paul Public Schools notified families and staff last week of a “data security incident” last winter that may have exposed students’ names and email addresses.

In a letter sent out on Friday, the district said it became aware of the issue in February and flagged the FBI, Minnesota IT Services and the Minnesota Department of Public Safety to investigate “an unauthorized third party” that had accessed district data.

The full scope of the breach wasn’t made clear until mid-July, but SPPS says it has identified everyone whose data might have been accessed. At this point, the district says it “has no reason to believe” there was any fraudulent use of anyone’s personal information.

“Please be assured that SPPS has no evidence that passwords, personal email addresses, physical addresses, or sensitive information such as social security numbers or payment card information was compromised as a result of this incident,” the district said in its letter.

All SPPS students got new passwords on Friday.

This incident happened around the same time hackers accessed Minneapolis Public Schools servers in a suspected ransomware attack.

Last week, MPS sent out notices to more than 100,000 people telling them their names, addresses, birth dates, Social Security numbers, driver’s license numbers, financial accounts, and medical and health information might have been accessed and posted online.

The University of Minnesota and the Minnesota Department of Education are also dealing with recent data breaches.