MPS: Data accessed during encryption event posted online

Minneapolis Public Schools is now warning families that personal data that was accessed when the district was hit by an encryption virus has now been posted online.

“This action has been reported to law enforcement, and we are working with IT specialists to review the data in order to contact impacted individuals. We are also working with the online host company to get the information removed as quickly as possible,” the school district said in an email to families Tuesday.

The update comes a week after the district cautioned families that the “threat actors may contact employees or staff in an attempt to coerce MPS to pay a ransom” and warned parents to watch for possible phishing events and scams. MPS also recommended families change passwords for any online accounts accessed on the district’s devices and closely watch their financial accounts for suspicious activity. The district reiterated those warnings again Tuesday.

“We want to caution you again about receiving, interacting with, or responding to any suspicious emails or phone calls from someone you do not know related to this event. Be aware of possible phishing events and other potential scams,” the district’s email said. “If you receive any of these threats or suspicious messages, report it to privacy@mpls.k12.mn.us.”

The event all started more than two weeks ago. The night before parent-teacher conferences on Feb. 21, the district abruptly canceled them, citing “technical difficulties.” At that point, the district only said it was working with third-party specialists, and no data was lost.

Later that week, the district confirmed it was dealing with an encryption event but still maintained that no personal information had been compromised. Then, last week, the district sounded the alarm about the “threat actors” possibly contacting others about a ransom and the need for families to watch their personal accounts closely.

5 EYEWITNESS NEWS didn’t receive any additional comment from the district regarding Tuesday’s update. Additionally, a spokesperson for the FBI’s Minneapolis office couldn’t confirm or deny whether the agency is investigating the MPS encryption event.

Marcia Cole, a University of Minnesota cybersecurity expert, says school districts are often targeted in these kinds of attacks.

“The encryption event, that’s kind of a euphemism for ransomware,” she said. “School and hospitals, for example, are pretty easy targets. They don’t typically spend a lot of money on their security infrastructure. The money’s going to other things.”

Tony Chiapetta, president of CHIPS, a White Bear Lake cybersecurity firm, said school districts store lots of personal information and handle large amounts of money. He added that money is usually the motive in these cyberattacks.

“So they can take the data that is personally identifiable — information that is worth something,” Chiapetta says. “And they can either get a ransom demand paid by the school or the university, or they can sell it on the dark web to people that will turn it around and use the information for other scams and that kind of thing.”

Cole says families should be aware of phishing events or other scams and that people should be cautious of online offers that sound too good to be true, like urgent requests for banking information.

Larger institutions should be in the habit of backing up their data, too, Cole advised.

“For all organizations, it’s not if — it’s when,” Cole said. “That everyone needs to stay vigilant, that information security is a shared responsibility. We’re all in on this.”