With additional reporting from Melissa Whitler and Cirien Saadeh.
Medusa, a ransomware group, has claimed responsibility for the ransomware attack that disrupted Minneapolis Public Schools operations for numerous weeks in February. On Tuesday the district announced that Medusa had posted a 51 minute compilation video online showing the types of data that were stolen from the district during what it called its “encryption event.” Medusa posted the video on Vimeo but it was taken down by Tuesday evening.
Only since Tuesday has the district been more forthcoming about the severity of the ransomware attack.
Minneapolis Schools Voices watched parts of the Medusa video Tuesday. The video is a montage of files being scrolled through and different folders being clicked on while synth music played as background music. Due to the sensitive nature of the files, we are not posting screenshots of the data.
What we saw: funeral notices, counseling files for students, teacher evaluation forms, spreadsheets with student data including names and addresses, spreadsheets with teacher data including names, addresses, and their current status at the district, budget information from specific schools (which is already public information), various empty bureaucratic forms, and internal emails about various district projects.
Since the initial ransomware attack, the district has not been transparent about the severity of this data breach. On March 9, the district posted a web page titled "Restoring MPS Systems and Protecting Personal Data." Up until this point, we have been relying on outside sources about what to do next if you are a MPS student, staff, or family member and are concerned about this data breach.
After talking to numerous sources with education IT security backgrounds we are confident in telling you the following:
- The district’s data was stolen. The district has stated it has backups of the data that was stolen. The video that Medusa made and posted online showed a massive amount of data is in their hands.
- If you have attended MPS in the past 10 years and have used a MPS device or hotspot to access anything personal (e.g. a social media account, email account, bank account, or simply logged into any account), change that password now. This Twitter thread, by Ian Coldwater, has a lot of resources for protecting yourself online.
Minneapolis Public Schools is not the only district to be hacked in this way, recently.
Please leave a comment below if you have questions that we can ask our IT sources. When our reporters have asked the district for comment they have told us they are prioritizing communicating with staff and MPS families first.
