Tag Archive for: school

Ransomware criminals dumping kids’ files online after school hack

/in


Nearly fourth months after an attack on Minneapolis Public Schools that dumped sexual assault case files online, administrators have not informed individual victims.

MINNEAPOLIS — The confidential documents stolen from schools and dumped online by ransomware gangs are raw, intimate and graphic. They describe student sexual assaults, psychiatric hospitalizations, abusive parents, truancy — even suicide attempts.

“Please do something,” begged a student in one leaked file, recalling the trauma of continually bumping into an ex-abuser at a school in Minneapolis. Other victims talked about wetting the bed or crying themselves to sleep.

Complete sexual assault case folios containing these details were among more than 300,000 files dumped online in March after the 36,000-student Minneapolis Public Schools refused to pay a $1 million ransom. Other exposed data included medical records and discrimination complaints.

Rich in digitized data, the nation’s schools are prime targets for far-flung criminal hackers, who are assiduously locating and scooping up sensitive files.

Often strapped for cash, districts are grossly ill-equipped not just to defend themselves but to respond diligently and transparently when attacked, especially as they struggle to help kids catch up from the pandemic and grapple with shrinking budgets.

Months after the Minneapolis attack, administrators have not delivered on their promise to inform individual victims. Unlike for hospitals, no federal law exists to require this notification from schools.

The Associated Press reached families of six students whose sexual assault case files were exposed. The message from a reporter was the first time anyone had alerted them.

“Truth is, they didn’t notify us about anything,” said a mother whose son’s case file has 80 documents.

Even when…

Source…

Ransomware criminals dump personal information of students online after stealing files from MN school

/in


The confidential documents stolen from schools and dumped online by ransomware gangs are raw, intimate and graphic. They describe student sexual assaults, psychiatric hospitalizations, abusive parents, truancy — even suicide attempts.

“Please do something,” begged a student in one leaked file, recalling the trauma of continually bumping into an ex-abuser at a school in Minneapolis. Other victims talked about wetting the bed or crying themselves to sleep.

Complete sexual assault case folios containing these details were among more than 300,000 files dumped online in March after the 36,000-student Minneapolis Public Schools refused to pay a $1 million ransom. Other exposed data included medical records and discrimination complaints.

Rich in digitized data, the nation’s schools are prime targets for far-flung criminal hackers, who are assiduously locating and scooping up sensitive files.

Often strapped for cash, districts are grossly ill-equipped not just to defend themselves but to respond diligently and transparently when attacked, especially as they struggle to help kids catch up from the pandemic and grapple with shrinking budgets.

Months after the Minneapolis attack, administrators have not delivered on their promise to inform individual victims. Unlike for hospitals, no federal law exists to require this notification from schools.

The Associated Press reached families of six students whose sexual assault case files were exposed. The message from a reporter was the first time anyone had alerted them.

“Truth is, they didn’t notify us about anything,” said a mother whose son’s case file has 80 documents.

US MARSHALS SERVICE ATTACKED BY RANSOMWARE TARGETING SENSITIVE LAW ENFORCEMENT INFORMATION

Even when schools catch a ransomware attack in progress, the data are typically already gone. That was what Los Angeles Unified School District did last Labor Day weekend, only to see the private paperwork of more than 1,900 former students — including psychological evaluations and medical records — leaked online. Not until February did district officials disclose the breach’s full dimensions.

The lasting legacy of school ransomware attacks, it turns out, is not in school closures,…

Source…

Ransomware criminals are dumping kids’ private files online after school hacks

/in


The confidential documents stolen from schools and dumped online by ransomware gangs are raw, intimate and graphic. They describe student sexual assaults, psychiatric hospitalizations, abusive parents, truancy — even suicide attempts.

“Please do something,” begged a student in one leaked file, recalling the trauma of continually bumping into an ex-abuser at a school in Minneapolis. Other victims talked about wetting the bed or crying themselves to sleep.

Complete sexual assault case folios containing these details were among more than 300,000 files dumped online in March after the 36,000-student Minneapolis Public Schools refused to pay a $1 million ransom. Other exposed data included medical records, discrimination complaints, Social Security numbers and contact information of district employees.

Rich in digitized data, the nation’s schools are prime targets for far-flung criminal hackers, who are assiduously locating and scooping up sensitive files that not long ago were committed to paper in locked cabinets. “In this case, everybody has a key,” said cybersecurity expert Ian Coldwater, whose son attends a Minneapolis high school.

Often strapped for cash, districts are grossly ill-equipped not just to defend themselves but to respond diligently and transparently when attacked, especially as they struggle to help kids catch up from the pandemic and grapple with shrinking budgets.

Months after the Minneapolis attack, administrators have not delivered on their promise to inform individual victims. Unlike for hospitals, no federal law exists to require this notification from schools.

The Associated Press reached families of six students whose sexual assault case files were exposed. The message from a reporter was the first time anyone had alerted them.

“Truth is, they didn’t notify us about anything,” said a mother whose son’s case file has 80 documents.

Even when schools catch a ransomware attack in progress, the data are typically already gone. That was what Los Angeles Unified School District did last Labor Day weekend, only to see the private paperwork of more than 1,900 former students — including psychological evaluations and medical records — leaked online….

Source…

“Worst-case scenario”: Cybersecurity experts confirm school security blueprints stolen in MPS ransomware attack

/in


MINNEAPOLIS — It was known then but it’s even more apparent now: the ransomware attack against Minneapolis Public Schools was massive.

Mark Lanterman, former member of the U.S. Secret Service Electronic Crimes Task Force, described it as a “worst-case scenario,” and confirmed that highly sensitive security information, including campus blueprints, alarm schematics and the placement of surveillance cameras, were all among the documents stolen.

“My advice to the school district – get new IT staff because someone fell asleep at the wheel during this event,” Lanterman said bluntly. “The faucet of data was on for a long time. This was not a transfer of data like downloading a movie on iTunes that took 10 minutes. This took hours if not days if not longer. There are hundreds of thousands of files here.”

Emails from Minneapolis Public School officials obtained by WCCO show a nearly two-week delay before the district acknowledged that staff and family members’ personal data could be compromised.

Hackers have since released information onto the dark web, where users are untraceable. Cybersecurity experts warn that anyone associated with the district — current and former students, parents, staff and vendors — should assume they have been compromised until they’ve been told otherwise, and take action to protect themselves.

“Understanding how this breach affects each specific family is important because it will either put your mind at ease or give you and your legal representative a course of action. This should not have happened,” Lanterman added, while also urging parents to demand answers to a series of questions. “What information about my family are you currently storing and how are you storing it? Is it encrypted? Who has access? Is it being stored on a system that’s connected to the internet?”

The breach was first discovered on Feb. 17. A short email sent to Interim Superintendent Rochelle Cox says there was a “system incident that has impacted many MPS systems.” The district’s IT services says it was “determining scope and restoring services as quickly as possible.”

An email went out to district families on Feb. 21, which noted that “no data will be lost due to the…

Source…