Additional reporting by Melody Hoffmann
On Wednesday MPS emailed parents about the “encryption virus” that has impacted the district’s systems for more than two weeks, including district-wide conferences, student log-ins, and e-learning. The statement reads, in part, “As many of you know, our network was infected with an encryption virus. We promptly engaged third-party computer specialists to assess the scope and nature of the event, and to assist us in securely restoring systems from our secure backups. This process is largely completed, and we thank all of you for your patience while some systems and applications were inaccessible.”
As of this week, students are still having issues logging into Microsoft systems and, at the time of publication, the staff directory is currently down on the district website.
According to the Star Tribune, teachers are still having trouble accessing some systems.
Chris Harrington, an MPS parent and information technology professional with the Star Tribune, said his child who is in MPS’s online school program is still having issues logging into a specific Microsoft system, Odysseyware, used by the district. His child is unable to do his Telescoped math coursework. Harrington said he isn’t primarily concerned about his kid getting access to math equations.
“As a parent I don’t give a crap about the Odysseyware thing,” Harrington said. “I am really adamantly concerned about the serious privacy implications.”
Harrington has two children in MPS, one in-person and one in online school. When we spoke with Harrington, nothing the district had communicated with parents had reassured him that his childrens’ data was safe.
Harrington is concerned about students who are victims of stalking, harassment, and swatting. What has happened to all of the students' data?
“That’s a critically dangerous consequence,” Harrington said.
In the district’s statements it has said data has not been lost, but whether data has been stolen is not clear. The latest update from MPS reads, “MPS has not paid a ransom to the threat actors and the investigation has not found any evidence that any data accessed has been used to commit fraud. However, if the ongoing investigation indicates that personal information has been impacted, the impacted individuals will be notified immediately.”
The length of time it has taken for the district to come back from the systems attack is also concerning to Harrington. Given Harrington’s experience with ransomware attacks, the district likely didn’t have solid back ups to their system otherwise whatever issues arose a few weeks ago would have been fixed in a matter of hours.
It’s been challenging for parents and MPS staff to know what is happening regarding the breach and what they need to do in case of a data breach. Only on Monday did MPS include digital safety tips in their parent update. The district’s update urges parents to change passwords “for any online personal accounts,” watch out for spam emails, monitor their financial accounts, to monitor financial accounts, and to consider a “credit freeze.”
The reason for the financial monitoring and password changes stems from the fact that parents may have used MPS devices and hotspots to access personal accounts.
The “encryption virus” is also the topic of some conversation on social media, though it is unknown what is rumor, what is rumor-truth, and what is actually true.
There are several reports on the MPS parents Facebook page that after-school programs have been canceled in the past week because system tracking of who can pick up children, and child health information are not working. Social media accounts have also reported that teachers can’t access their gradebooks, and even alarms in school buildings have been said to have been impacted.
Minneapolis Schools Voices contacted the district for comment on this story. They refused to comment on this story and said they have no other information related to any of the issues discussed in this article to release at this time.
On Monday, the school board held a closed emergency meeting related to security, as announced by Board Chair El-Amin in the Committee of the Whole meeting that same night.
While the district is sending out periodic updates, they have been largely uncommunicative with Minneapolis Schools Voices and the extent of the incident remains unknown, particularly in terms of any impacts to student data as well as where the problem originated. It is also unknown what the district did or did not do to prepare for the inevitability of a cybersecurity incident.
MPS said in a statement released to parents that they are working with law enforcement in the investigation.
MPS released the following statement on March 1, updating community members on the encryption event and sharing tips on how to protect one’s identity in case of stolen data.
We wanted to take the time to update you regarding our investigation into the encryption event we experienced, and to thank our IT Team for their tireless work restoring many systems over many long nights and weekends.
As many of you know, our network was infected with an encryption virus. We promptly engaged third-party computer specialists to assess the scope and nature of the event, and to assist us in securely restoring systems from our secure backups. This process is largely completed, and we thank all of you for your patience while some systems and applications were inaccessible.
Thankfully, due to the efforts of the MPS IT team and plan, as well as our secure backups, MPS was able to restore many of its systems. The ongoing investigation has determined that an unauthorized threat actor may have been able to access certain data located within the MPS environment.
Please note, MPS has not paid a ransom to the threat actors and the investigation has not found any evidence that any data accessed has been used to commit fraud. However, if the ongoing investigation indicates that personal information has been impacted, the impacted individuals will be notified immediately.
The threat actors may contact employees or staff in an attempt to coerce MPS to pay a ransom.
We want to caution you about receiving, interacting with, or responding to any suspicious emails or phone calls from someone you do not know related to this event. Be aware of possible phishing events and other potential scams. If you receive any of these threats or suspicious messages, report it to firstname.lastname@example.org. MPS is working with law enforcement and will continue to cooperate with authorities as their investigation continues.
We want to remind you again that as a best practice and out of an abundance of caution, all passwords for any online personal accounts that you may have accessed on MPS devices should be changed. Steps for doing this are outlined below.
We thank you all for your patience and understanding and we remain available should you have any questions or concerns. MPS continues working toward full restoration of our systems. By working together, we can help protect ourselves and our organization from any future attacks.
Steps You Can Take to Help Protect Personal Information
Change Your Passwords
In addition to the changes to our work passwords, we would encourage employees to consider changing passwords for accounts you may regularly access from work computers, such as Gmail, Amazon, Facebook, or your personal bank or credit card accounts, and any other passwords that you have not changed recently. We also encourage implementation of multi-factor/two-factor authentication whenever possible. Also, as many people often use the same password for many accounts, we are also encouraging you to take this opportunity to change the passwords for any personal accounts which would share the same or similar credentials as other accounts, including accounts accessed from company devices.
Look out for SPAM
Please be mindful that any email you receive may be fraudulent, and could come from a criminal. Please always think twice before opening any attachments or clicking on links that you are not expecting to receive. If you see anything suspicious, please do not access it, and let our IT department know immediately. That includes any messages to your work email account, as well as personal accounts.
Monitor Your Financial Accounts
We encourage all employees to monitor your bank, credit card and other financial accounts for any suspicious activity, and to consider placing freezes or holds when appropriate.
You should also monitor your credit report for any suspicious activity. Under U.S. law, a consumer is entitled to one free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also directly contact the three major credit reporting bureaus listed below to request a free copy of your credit report.
Consumers have the right to place an initial or extended “fraud alert” on a credit file at no cost. Should you wish to place a fraud alert, please contact any one of the three major credit reporting bureaus listed below.
As an alternative to a fraud alert, consumers have the right to place a “credit freeze” on a credit report, which will prohibit a credit bureau from releasing information in the credit report without the consumer’s express authorization. The credit freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a credit freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit.
Pursuant to federal law, you cannot be charged to place or lift a credit freeze on your credit report. To request a security freeze, you may need to provide some or all of the following information:
- Full name (including middle initial as well as Jr., Sr., II, III, etc.);
- Social Security number;
- Date of birth;
- Addresses for the prior two to five years;
- Proof of current address, such as a current utility bill or telephone bill;
- A legible photocopy of a government-issued identification card (state driver’s license or ID card, etc.); and
- A copy of either the police report, investigative report, or complaint to a law enforcement agency concerning identity theft if you are a victim of identity theft.
Should you wish to place a credit freeze or fraud alert, please contact the three major credit reporting bureaus listed below: