On Friday morning, Minneapolis Public Schools sent out an email to staff and families letting them know that data from the February 18 ransomware attack is now on the dark web. The dark web is a part of the internet that is accessible through specific software. 

“We are working with cybersecurity specialists to quickly and securely download the data so that we can conduct an in-depth and comprehensive review to determine the full scope of what personal information was impacted and to whom the information relates,” the MPS email reads. “You will be contacted directly by MPS if our review indicates that your personal information has been impacted.”

At Tuesday’s school board meeting, Interim Superintendent Rochelle Cox and board chair Sharon El-Amin addressed the MPS community about the ransomware attack. 

Minneapolis Schools Voices has been reporting on the Minneapolis Public Schools ransomware attack that occurred on February 18. 

MPS Acknowledges Major Systems Attack (March 3)

Medusa claims responsibility of district ransomware attack (March 10)

Here is Cox’s statement in full from March 15’s meeting: 

“First I want to echo Chair El-Amin’s words of both gratitude, to everyone working constantly to support MPS through the IT incident, and for the frustration and anger that this is where our collective time and energy and resources must be dedicated and focused, instead of on supporting our students.

As we now know, the MPS network was infected with an encryption virus that was first discovered on Saturday, February 18. We promptly notified all staff, and engaged third-party forensic IT specialists to assess the scope and nature of the event, and to assist us in restoring systems from our secure backups. This process is ongoing. 

Thankfully, due to the efforts of the MPS IT team and their planning, as well as our secure backups, MPS was able to restore many of its systems. Let me say that again. We were able to become functional much more quickly than some of the other school districts that have been violated in this way. That is because our IT team has worked nonstop, and because we had reliable backup records to which we could turn to. 

Nevertheless, the criminals behind the effort have been able to access, and publicly share MPS data. Importantly, MPS has still not found any evidence that any of the data accessed has been used to commit fraud. 

I know it's hard. It’s hard for the MPS community to not yet know if each person’s individual data has been accessed. MPS data that we know was shared and was potentially accessed is currently ongoing an in-depth and comprehensive review. And this takes time. 

I can tell you that not every employee, student or constituent will have their data accessed as a result of this event. To date, the majority of the messages we have thus far indicate only standard phishing attempts on accounts related to MPS’s recent system encryption- emails and texts about locked Amazon accounts, locked Netflix accounts, false invoices, free giveaways, spam calls, and texts. As much as we would all like the data review to happen overnight, the process will take time. And must be accurate. 

We have a team of both internal and external specialists working on this. Individuals will be contacted directly by MPS if this review indicates your personal information has been impacted. Impacted individuals will be provided with free credit monitoring and identity protection services. 

MPS has created a webpage with an overview of all of the updates we provided over the past couple of weeks, as well as information about how to protect your personal information. While our team, in partnership with contracted specialists, are working around the clock to recover from this issue and focus on providing notifications, I also call on policy-makers and leaders to take swift and comprehensive action on a federal response to the growing number of these types of events.

While we will keep doing everything in our power to prevent and respond to these sorts of events, districts, cities and other public entities need support and expertise, both preventative and in response to these sort of events. Please continue to take the recommended steps to protect yourself. We will provide updates and new information as it is discovered.”    

El-Amin shared the following statement during the March 14 school board meeting: 

“I would like to extend my sincerest thanks to the IT team and those working alongside them the past couple of weeks as they work to secure and restore our systems, as well as review the data, in order to make notifications to those impacted. But most of all I want to acknowledge the difficulty in both waiting for information to be understood and then shared, as well as to the violation we have experienced at the hands of criminals, those who would use their intelligence and skills for evil and extortion, rather than good.

As we have come to learn more about recently, having joined the long and growing list of school districts who have experienced cyber attacks, I know the amount of time it can take to fully understand what happened, to fix systems, and to be able to review data to inform impacted individuals can be extremely frustrating. 

We, too, are frustrated with you. 

As this work continues, we again encourage everyone whether you have been or are presently part of MPS to please take the steps now to protect yourself through the following IT best practices, including updating passwords, watching for potential spam and/or fraud attempts, and monitoring financial accounts. These steps can be found at our website. And those whose personal data it has been determined has been accessed will receive an individual notification which will include instructions for free identity monitoring services. Again, we are sorry for this situation and I thank those working to help address it.”