A ransomware gang known as “Medusa” has leaked personal information belonging to students from Minneapolis Public Schools online. The information included social security numbers, birthdays, mental health records, and documents detailing allegations of abuse against staff.
Medusa stole about 200,000 files from the school system’s servers in March, including databases cataloguing incidents of students exhibiting behavioral issues.
Moreover, portfolios of sensitive information about hundreds of children with special needs were also leaked, including details of problems at home, conditions like Attention Deficit Disorder, documented injuries, results of intelligence tests, and medications they take.
At the same time, the Minneapolis Public Schools district serves 29,000 students across dozens of schools. The leak of such sensitive personal information could have far-reaching implications for the district, with students potentially facing future privacy and identity theft issues.
The district has confirmed the hack, and its officials have been working with law enforcement to investigate the situation.
Furthermore, Medusa has published the documents on several websites, including Twitter, Facebook, Telegram, and a leak site to force hacking victims to pay a ransom through strategic leaks. NBC, which reviewed the leaks, noted that it was not able to independently verify them.
Finally, it is unclear whether the district is considering paying the ransom. However, the ransomware gang’s aggressive campaign in distributing the material has brought more visibility and notoriety to the leaks, posing a significant threat to the students and staff of the Minneapolis Public Schools district.
