Minneapolis schools report that data was posted on dark web after cyberattack

Minneapolis Public Schools acknowledged Friday that some personal data was leaked to the dark web as a result of a cyberattack the district experienced in late February.

In an update on the Minneapolis Public Schools website, the district said officials are "working with cybersecurity specialists to quickly and securely download the data" to determine the "full scope of what personal information was impacted" and to whom it belongs. The dark web is an area of the internet that is not indexed and often is associated with criminal activity.

This review will take time, officials said, and the district will directly contact anyone whose data has been shared.

"You will receive both an email and a mailed letter to ensure communication is completed," the district said. "We are offering all potentially affected individuals free credit monitoring and identity protection services through Experian."

District officials declined to comment further Friday.

Cyberattacks are a growing threat to school districts, which have seen their insurance premiums rise in recent years. Experts note schools often have thousands of devices used by students and staff who could click on anything. That, combined with budget crunches that lead to slim IT departments, can make them more vulnerable.

The Minneapolis district has not said exactly how its breach occurred.

On Feb. 24, the district started referring to the technology trouble as an "encryption event," encouraging people to change their passwords on district devices as a "best practice and out of an abundance of caution." Officials said they had no evidence that personal information had been compromised.

On March 7, the district told families that a "threat actor" had claimed responsibility for the encryption event and had posted some Minneapolis Public Schools data online.

A ransomware group called Medusa claimed responsibility for the cyberattack, posted a video online and demanded a $1 million ransom.

That video, which since has been removed, showed screenshots of a variety of information, including spreadsheets that appeared to list student names and addresses, disciplinary information and forms that could contain sensitive employee information, such as W-2s. Other images appear to show lesson plans, enrollment projections and district forms and policy documents.

The district has said it reported incidents related to the cyberattack to law enforcement and families were told to be cautious about scams.