Minneapolis Public Schools: Hacked data released on dark web


District officials with Minneapolis Public Schools say some MPS data was released onto the dark web Friday by a threat actor.

The district says it is working with cybersecurity experts to download the data so it can look into what personal information was released on the internet.

While the process will take some time, the school district says all people impacted by the data release will be notified.

In an update provided on the district’s website, officials wrote that the review of the data that was accessed and then posted online when an encryption virus hit has finished, and that those affected will be notified by email and a mailed letter. In addition, the district says everyone potentially affected will be able to get free credit monitoring and identity protection services.

The district went on to say it has now fully restored its systems and doesn’t need to cooperate with the person or persons responsible for the data release.

Ian Coldwater, an MPS parent, is also hired by companies to hack into their computer systems. They accused the school district of downplaying the severity of the security breach.

“Because I work in cybersecurity, I know exactly what this meant: ransomware,” Coldwater said.

Coldwater said they hadn’t seen Friday’s data release but did see a sample posted earlier on the dark web.

“I did not see my name in the dataset that I saw, but I assume it’s in there,” Coldwater said. “I think that MPS parents, staff, current and former students, bus drivers, vendors who have done business with MPS — in absence of further information from the district, everybody should assume their data is in there.”

Former FBI agent Chris Tarbell, who specializes in cyber investigations and is now with the firm Naxo, suggests those connected to the school district should change their passwords now.

The district previously mentioned it had not paid a ransom to the threat actors. Tarbell explained that traditionally a business is given time to pay up.

“They give you about a month. In this time frame, we’re seeing about a month where they say, ‘You can pay, and then I’ll unlock it. … If you don’t pay, I’m going to publish the information, and I’m going to embarrass you,’” he said.

Tarbell said more schools are being targeted in ransomware attacks, sometimes due to systems that aren’t as secure.

State data shows 78 Minnesota schools and universities experienced cybersecurity incidents last year.


As previously reported, the district began experiencing what it called “technical difficulties” in late February, just before parent-teacher conferences were scheduled to begin. At that time, the district said no data was lost during the incident because it was being backed up, and that the district changed relevant passwords and implemented multi-factor authentication.

Later that same week, the district confirmed it was dealing with an encryption event but still maintained that no personal information had been compromised.