Kyler Kent CISSP 
Minneapolis Public Schools logo (image source: Minneapolis Public Schools (StarTribune), n.d.)
One-sentence summary:
The Minneapolis Public Schools ransomware attack by Medusa resulted in a diverse leak of over 189k documents containing sensitive information of students and staff.
Who was involved?
Minneapolis Public Schools, the Medusa ransomware gang, and an unknown number of students and staff.
What was the timeline?
February 21, 2023: Minneapolis Public Schools makes first press release on the ransomware attack
March 1, 2023: Minneapolis Public Schools confirms an “encryption event” (AKA ransomware attack) and potential data breach
March 7, 2023: Initial leaked data is published online (Minneapolis Public Schools, 2023)
March 17, 2023: MPS completes a review of the data published online and has begun victim notification (Minneapolis Public Schools, 2023)
March 22, 2023: Medusa gang allegedly publishes 100GB online (Wiita, 2023)
April 11, 2023: Milestone for MPS restoring their systems and notifying potential breach victims
What occurred?
Minneapolis Public Schools suffered a ransomware attack by the Medusa ransomware gang in February 2023, resulting in significant operational disruption and the potential breach of sensitive information for students and employees, including “Social Security Numbers, bank account information, and private health data” and “records related to student sexual violence allegations, district finances, student discipline, special education, civil rights investigations, student maltreatment and sex offender notifications” (Minneapolis Public Schools, 2023; Wiita, 2023; Keierleber, 2023a). Over 189,000 leaked documents are purported to have been leaked detailing such information by the Medusa ransomware gang (Keierleber, 2023b).
Estimated costs:
Incident response costs, breach notification costs, operational costs due to downtime, incident response, and restoration
Involved laws:
Federal: HIPAA, HITECH, and FERPA
Root cause:
TBA or N/A (see disclaimer)
Lessons learned:
TBA or N/A (see disclaimer)
Sources:
Keierleber, M. (2023a, March 9). Hackers Use Stolen Student Data Against Minneapolis Schools in Brazen New Threat. https://www.the74million.org/article/hackers-use-stolen-student-data-against-minneapolis-schools-in-brazen-new-threat/
Keierleber, M. (2023b, May 5). Minneapolis Data Breach a ‘Worst-Case Scenario’ after Ransomware Attack. https://www.the74million.org/article/from-campus-rape-cases-to-child-abuse-reports-worst-case-data-breach-rocks-mn-schools/
Minneapolis Public Schools. (2023, March 17). Updates: Restoring MPS Systems and Protecting Personal Data. Retrieved May 8, 2023, from https://its.mpls.k12.mn.us/mps_systems_data
Minneapolis Public Schools (StarTribune). (n.d.). 1amps.jpg. StarTribune.com. https://cdn.vox-cdn.com/uploads/chorus_asset/file/22661448/1amps.jpg
O’Neal, N. (2023, February 3). Minneapolis Public Schools was nearly conned out of $500K. FOX 9 Minneapolis-St. Paul. https://www.fox9.com/news/minneapolis-public-schools-was-nearly-conned-out-of-500k
Wiita, T. (2023, March 24). Stolen Minneapolis Public Schools data released online, may contain SSNs. Bring Me the News. Retrieved May 8, 2023, from https://bringmethenews.com/minnesota-news/stolen-minneapolis-public-schools-data-released-online-may-contain-ssns
Commentary:
This is not the first cyber incident for Minneapolis Public Schools. In 2020, an employee fell victim to an email phishing attack nearly costing the district $500,000 (O’Neal, 2023).
