reports that Minneapolis Public Schools had its data compromised in a Medusa ransomware
attack leaked on the dark web nearly three weeks after it reported being impacted by a ransomware incident.
Medusa ransomware has demanded a $1 million ransom for the stolen data, which cybersecurity experts note include the school district's student records, phone numbers, home addresses, disciplinary records, protected health information, payroll data, student and staff photos, safety plans, misconduct complaints, union grievances, and civil rights investigations.
"We are working with cybersecurity specialists to quickly and securely download the data so that we can conduct an in-depth comprehensive review to determine the full scope of what personal information was impacted," said MPS in a statement.
Despite ongoing investigation into the incident, individuals whose data may have been affected should assume compromise, said experts.
"What concerns me about this data breach specifically is the sensitivity of some of this data. The scale and scope of this data breach is quite large and quite wide," said ethical hacker Ian Coldwater.