Inappropriate image sent to parents on school messaging app
ROSEVILLE, Minn. -- Sticks and stones may break bones, but cyber attacks can really hurt.
"I worry first and foremost about the safety of my kids, what kind of information is shared with who and without our knowledge," Roseville dad Casey Thompson told WCCO. "It certainly makes me worried about what they're being exposed to or what people might be gathering about my children."
That sense of worry was amplified this week after a nationwide cyberattack that sent users, including those in Minnesota, an "inappropriate message" on a popular parent-teacher communication app has been shut down.
The Seesaw app is used by school districts across the state - including Minneapolis Public Schools and Roseville Area Schools.
"I think this was an easy target," John Israel, Security Operations Manager at the Minnesota Department of Information and Technology (MNIT), explained to WCCO. "We're seeing more and more of these online platforms being created for students and parents, and they may have data and information on the students or information that may be valuable for somebody that's trying to find a way to just get into systems."
According to Seesaw's parent company, the attack targeted less than 0.5% of users, but it forced a messaging feature to shut down for two days. The app has since asked affected users to reset their passwords.
"I think what happened in this event was a situation where people have been reusing passwords," Israel added. "So we see that quite a bit, where somebody may use the same password for their email, for their bank, for all kinds of other systems. When the hackers or attackers go in, they try to collect [those passwords] and then try to log in to other systems to see what they can get into."
A 2021 report from MNIT reported at least 262 cyber attacks against schools and universities in Minnesota.
Federal agents at the FBI and CISA this month also issued an alert warning of more attacks on schools this year.
"Over the past several years, the education sector, especially kindergarten through twelfth grade (K12) institutions, have been a frequent target of ransomware attacks," the advisory states. " School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable; however, the opportunistic targeting often seen with cybercriminals can still put school districts with robust cybersecurity programs at risk."
Federal cyber officials also offered four critical steps everyone can take to protect themselves online:
- Protect your computer by using security software. Set the software to update automatically so it can deal with any new security threats.
- Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.
- Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The additional credentials you need to log in to your account fall into two categories:
Something you have — like a passcode you get via an authentication app or a security key.
Something you are — like a scan of your fingerprint, your retina, or your face.
Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password. - Protect your data by backing it up. Back up your data and make sure those backups aren't connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.
The app makers say the attack targeted less than 0.5% of users, but it forced a messaging feature to shut down for two days, and asked impacted users to reset their passwords.
