Minneapolis school district says data breach affected more than 100000 people

pppMinneapolis Public Schools has begun notifying more than 100000 people that their personal information may have been leaked after a cyberattack early this yearppThe school system started sending letters late last week according to local media reports and on Tuesday a notice posted on Maines data breach notification site said that 105617 people were affectedppThe Medusa ransomware group claimed the attack on March 7 demanding 1 million to decrypt MPS systems The school district did not pay up Ten days later the gang leaked data including what appeared to be highly sensitive student files and it posted a 51minute video that included screenshots of the allegedly stolen informationppIn its notification letter the school district said it would have informed victims earlier but it needed time for a comprehensive review to determine whether sensitive information was present in the leakppThis process was timeintensive and required both computer assisted and manual review the letter said This process was completed on July 24 2023 Although it has been difficult to not share more information with you sooner the accuracy and the integrity of the review were essentialppThe Associated Press had reported in early July that students and families were frustrated with the lack of formal notification from the district The Daily Dot reported Tuesday that families have emailed administrators about various examples of fraud and other abuses that seemed to stem from the data breachppThe breach began February 6 and continued until at least February 18 when MPS said it became aware of the suspicious activity and notified law enforcement The district said a preliminary review had been completed on March 22 and on April 7 it sent notice to a limited number of known impacted individualsppMPS said it is providing 24 months of credit monitoring and identity theft restoration services It also has created a dedicated phone line for victims of the incidentppAs part of MPSs ongoing commitment to the security of information our policies and procedures regarding information security are being reviewed and enhanced additional safeguards have been implemented and additional training is being conducted to reduce the likelihood of a similar event in the future the letter saidppThe incident which MPS initially called an encryption event disrupted systems for about a week in late FebruaryppppSince then its been a tough year for school districts around the country as ransomware groups continue to target exposed systems Recent victims include districts in Pennsylvania and Maryland Another set of Minnesota schools in the city of Rochester faced a cyberattack not long after the Minneapolis incidentppJoe Warminsky is the news editor for Recorded Future News He has more than 25 years experience as an editor and writer in the Washington DC area Most recently he helped lead CyberScoop for more than five years Prior to that he was a digital editor at WAMU 885 the NPR affiliate in Washington and he spent more than a decade editing coverage of Congress for CQ Roll Callpp Copyright 2023 The Record from Recorded Future Newsp