MINNEAPOLIS — Five months after cyber criminals attacked Minneapolis Public Schools, a new, scathing report from the Associated Press says that officials still haven't informed the victims.
Some of the information, including highly sensitive medical records, like assault complaints, social security numbers and union grievances, were leaked online after the district didn't pay a $1 million ransom.
One lawyer now representing some of the victims says his firm is investigating whether the district violated any of its obligations under Minnesota's Data Practices Act.
The breach, that the Minneapolis school district said included the release of personal data, wasn't disclosed until mid-March. Experts call it an aggressive attack that included 300,000 files.
"This is not an MPS problem, this is not a Minneapolis problem, this is not a public school problem," said cybersecurity expert Ian Coldwater. "This happens all over the place to all kinds of places."
Research shows one in three districts across the country were breached by 2021. What little resources there were then were spent on remote learning and internet connectivity.
Minnesota's IT specialists confirm it got a $5.5 million boost from lawmakers this legislative session. The state also got another $18 million in federal funds that entities, like school districts, can apply for to upgrade its infrastructure.
"These families are floored and totally taken by surprise," said attorney Jeff Storms, who represents some of the victims.
"They had no idea their children's sensitive information had been leaked on the internet and from what we've seen from the scope of this breach, the district did not take reasonable measures to protect the status," said Storms.
Storms also says the district also hasn't contacted the victims.
While Coldwater calls the ongoing battle against hackers an uphill one.
"Not everything can be easily dealt with," said Coldwater. "Ransomware operators will target and attack whatever they can get a hold of."
Coldwater also suggests that schools encrypt their data, segment the network so hackers can't see everything all at once and have a data retention policy in place.
In a statement, MPS says it's continue to review all the data that was downloaded onto the web, writing, "This has been arduous manual process that should be concluded soon. Accuracy is key. MPS has every intention of notifying individuals whose information may have been made accessible in this breach. As a precautionary measure, potentially impacted individuals will be offered free credit monitoring services, including information on how they can place a fraud alert on their credit file, place a security freeze on their credit file, and obtain a free credit report."
Watch more local news:
Watch the latest local news from the Twin Cities and across Minnesota in our YouTube playlist:
WATCH MORE ON KARE 11+
Download the free KARE 11+ app for Roku, Fire TV, Apple TV and other smart TV platforms to watch more from KARE 11 anytime! The KARE 11+ app includes live streams of all of KARE 11's newscasts. You'll also find on-demand replays of newscasts; the latest from KARE 11 Investigates, Breaking the News and the Land of 10,000 Stories; exclusive programs like Verify and HeartThreads; and Minnesota sports talk from our partners at Locked On Minnesota.
- Add KARE 11+ on Roku here or by searching for KARE 11 in the Roku Channel Store.
- Add KARE 11+ on Fire TV here or by searching for KARE 11 in the Amazon App Store.
- Learn more about the KARE 11+ app for Apple TV in the Apple App Store.
- Learn more about KARE 11+ here.