Lawyer says MPS hasn’t contacted hacking victims 5 months later

MINNEAPOLIS — Five months after cyber criminals attacked Minneapolis Public Schools, a new, scathing report from the Associated Press says that officials still haven’t informed the victims.

Some of the information, including highly sensitive medical records, like assault complaints, social security numbers and union grievances, were leaked online after the district didn’t pay a $1 million ransom. 

One lawyer now representing some of the victims says his firm is investigating whether the district violated any of its obligations under Minnesota’s Data Practices Act. 

The breach, that the Minneapolis school district said included the release of personal data, wasn’t disclosed until mid-March. Experts call it an aggressive attack that included 300,000 files. 

“This is not an MPS problem, this is not a Minneapolis problem, this is not a public school problem,” said cybersecurity expert Ian Coldwater. “This happens all over the place to all kinds of places.”

Research shows one in three districts across the country were breached by 2021. What little resources there were then were spent on remote learning and internet connectivity.

Minnesota’s IT specialists confirm it got a $5.5 million boost from lawmakers this legislative session. The state also got another $18 million in federal funds that entities, like school districts, can apply for to upgrade its infrastructure. 

“These families are floored and totally taken by surprise,” said attorney Jeff Storms, who represents some of the victims. 

“They had no idea their children’s sensitive information had been leaked on the internet and from what we’ve seen from the scope of this breach, the district did not take reasonable measures to…