Minneapolis Public Schools says hackers behind alleged attack posted some data online
MINNEAPOLIS -- Minneapolis Public Schools is not the first district under cyber attack, and it won't be the last -- but that doesn't make it any less urgent.
Nearly two weeks after alerting parents of an "encryption event," administrators on Tuesday raised the alarm by reporting the "threat actor" claiming responsibility for the hack posted some of the stolen data.
"This action has been reported to law enforcement, and we are working with IT specialists to review the data in order to contact impacted individuals," an MPS spokeswoman told WCCO in a statement. "We are also working with the online host company to get the information removed as quickly as possible."
MPS administrators declined WCCO's request for an interview, and also chose not to answer our questions sent via email.
Last week, administrators told parents there was no evidence that the data has been used to commit fraud. MPS, however, still encouraged employees, parents and staff to remain vigilant of suspicious emails or phishing attempts.
According to state officials, schools and universities were the targets of at least 78 cyber attacks in 2022, in addition to 111 counties and 39 municipalities.
"Cyber attacks continue to evolve," said John Israel, chief security officer at the Minnesota Department of Information Technology. "They're very persistent. We're seeing cyber actors that are going off for organizations large and small and looking for an ability to not only collect data on people and individuals, but also encourage additional attacks and ways to monetize these events."
International Falls School District was targeted in September 2022, just one week into the school year.
"Once you're attacked, that's not the time you really want to learn," said Superintendent Kevin Grover. "It's that feeling that your heart sinks."
Federal cyber officials offer four critical steps everyone can take to protect themselves online:
Protect your computer by using security software. Set the software to update automatically so it can deal with any new security threats.
Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.
Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The additional credentials you need to log in to your account fall into two categories:
- Something you have — like a passcode you get via an authentication app or a security key.
- Something you are — like a scan of your fingerprint, your retina, or your face.
Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.
Protect your data by backing it up. Back up your data and make sure those backups aren't connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.
