www.cbsnews.com Open in urlscan Pro
146.75.117.188  Public Scan

Submitted URL: https://lnks.gd/l/eyJhbGciOiJIUzI1NiJ9.eyJidWxsZXRpbl9saW5rX2lkIjoxMDAsInVyaSI6ImJwMjpjbGljayIsInVybCI6Imh0dHBzO...
Effective URL: https://www.cbsnews.com/minnesota/news/hackers-post-more-stolen-minneapolis-public-school-data-to-dark-web/?utm_medium=e...
Submission: On May 15 via api from US — Scanned from DE

Form analysis 1 forms found in the DOM

POST

<form method="post" id="soft-login-gate__form" class="soft-login-gate__form">
  <div class="soft-login-gate__form--field">
    <input type="email" class="soft-login-gate__form--input" name="email" value=""
      placeholder="Email address"><a href="https://www.cbsnews.com/user/login/?ifmsgr=true&amp;page=/minnesota/news/hackers-post-more-stolen-minneapolis-public-school-data-to-dark-web/" id="anchor-login" class="soft-login-gate__form--anchor popup-window" data-invalid-url-rewritten-http=""></a>
    <a href="https://www.cbsnews.com/user/registration/?ifmsgr=true" id="anchor-signup" class="soft-login-gate__form--anchor popup-window" data-invalid-url-rewritten-http=""></a>
    <button type="button" class="soft-login-gate__form--submit"> Continue </button>
  </div>
  <div class="soft-login-gate__form--error">
    <div class="soft-login-gate__form--error-empty"> Please enter email address to continue </div>
    <div class="soft-login-gate__form--error-invalid"> Please enter valid email address to continue </div>
  </div>
</form>

Text Content

 * Watch CBS News Minnesota
 * Download Our App
 * Meet Our Team
 * School Closings
 * CBS News
 * Links & Numbers
 * Submit Your Pics/Video
 * CBS+

 * News
   * * All News
     * Twin Cities News
     * Greater Minnesota News
     * Wisconsin News
     * Politics
     * Crime
     * Consumer
     * Health
     * Education
     * Community Journalism
     * Good Question
     * Finding Minnesota
     * WCCO Investigates
 * Weather
   * * NEXT Weather
     * Live Radar
     * Closings & Delays
     * Weather Watcher Network
 * Sports
   * * Latest Sports
     * CBS Sports HQ
     * Vikings
     * Twins
     * Timberwolves
     * Lynx
     * Wild
     * United FC
     * Aurora FC
     * Gophers
     * High School Sports Rally
 * Video
 * More
   * * Station Info
     * WCCO-TV News Team
     * Links & Numbers
     * Contests & Promotions
     * Galleries
     * WCCO-TV Jobs
     * Download WCCO's App
     * Advertise
     * Log In
 * 74°
 * Search
 * Search
 * Live TV




Watch CBS News

Twin Cities News


HACKERS POST MORE STOLEN MINNEAPOLIS PUBLIC SCHOOL DATA TO DARK WEB

By WCCO Staff, Caroline Cummings, Jonah Kaplan

Updated on: March 17, 2023 / 10:53 PM / CBS Minnesota

 * 
 * 
 * 

Hackers post data from Minneapolis Public Schools

Hackers post data from Minneapolis Public Schools 02:45

MINNEAPOLIS -- Minneapolis Public Schools on Friday notified parents that
hackers who stole district data in a recent system breach released that
information onto the dark web, where users are untraceable.

The latest letter comes nearly three weeks after MPS first sent out an alert
about an "encryption event." 

"We are working with cybersecurity specialists to quickly and securely download
the data so that we can conduct an in-depth comprehensive review to determine
the full scope of what personal information was impacted," it reads. The
district says it will contact people directly if they are impacted.

But cybersecurity experts warn that anyone associated with the district—current
and former students, parents, staff and vendors—should assume they have been
compromised until they've been told otherwise, and take action to protect
themselves.

Ian Coldwater is a "professional hacker" that companies hire to expose
vulnerabilities and share how they can improve security. The expert in computer
systems is also parent of two children who are current and former students in
Minneapolis Public Schools, whose personal data is also at risk.



"What concerns me about this data breach specifically is the sensitivity of some
of this data," Coldwater said. "The scale and scope of this data breach is quite
large and quite wide."

Among the pieces of data they said they saw in a trove of files the ransomware
group dumped online: payroll information, protected health information, home
addresses, phone numbers, disciplinary records, student records, pictures of
students and staff, safety plans, union grievances, misconduct complaints and
civil rights investigations.

"You name it—it's pretty much in there," Coldwater said.

Mark Lanterman, former member of the U.S. Secret Service Electronic Crimes Task
Force, explained that the "dark web" as a back alley to the internet instead of
the main street and users are completely anonymous. His firm Computer Forensic
Services contracts with dozens of law enforcement agencies in Minnesota.



"You're not seen. You're invisible," Lanterman added. "This is so much worse
than the breach of a retailer who issues credit cards because you can just call
and cancel the credit card. This is information about us."

MPS administrators have declined WCCO's requests for an interview, and also have
chosen not to answer questions sent via email.

Earlier this month, administrators told parents there was no evidence that the
data has been used to commit fraud, but still encouraged employees, parents and
staff to remain vigilant of suspicious emails or phishing attempts. In its
latest correspondence to parents, the district said it would offer all
potentially affected individuals free credit monitoring and identity protection
services through Experian.

"My immediate advice is change all passwords to all your accounts, make sure
you're monitoring statements, bank and credit card, and put a freeze on your
credit report," Lanterman added. "Hackers are in business to make money, and one
of the best ways to prevent yourself from being a victim is to make sure they
can't take out loans or lines of credit in your name. Put a freeze on your
credit report."

Coldwater wished there was clearer communication from the district about the
impact of the attack because then individuals whose data is compromised can take
swift action to protect themselves.

"I have personally seen less sky-is-falling fear and panic and more of people
kind of just wondering what's going on. People want to know what's happening,"
they said. "I don't blame MPS for being hacked, but I don't think they responded
to it as well as they could."

According to state officials, schools and universities were the targets of at
least 78 cyber attacks in 2022, in addition to 111 counties and 39
municipalities.



International Falls School District was targeted in September 2022, just one
week into the school year.

"It's an invasion. That feeling of an invasion of privacy," superintendent Kevin
Grover of that district told WCCO in a recent interview. "Not knowing is the
concern. They never came out and said here are the five things we have which are
bad. It was all threats that we could put this on the dark web."

Medusa, the group claiming responsibility for the attack on MPS, released a
video with information, setting the ransom at $1 million. A joint
federal Cybersecurity Advisory (CSA) issued last year warned of Medusa's
ransomware attacks and their pervasive methods of gaining access through remote
access.

"Actors also frequently use email phishing and spam email campaigns—directly
attaching the ransomware to the email," officials explained, noting that
organizations like school districts and health care systems should "focus on
cybersecurity awareness and training" and "regularly provide users with training
on information security principles and techniques as well as overall emerging
cybersecurity risks and vulnerabilities, such as ransomware and phishing scams."

In their letter on Friday, MPS administrators cautioned families and staff on
"receiving, interacting with, or responding to any suspicious emails or phone
calls," while also directing those who accessed MPS devices from personal
accounts to "change those account passwords."


Experts break down MPS data hack 02:27

The district also said it has "taken a stance against these criminals and has
fully restored our systems without the need to cooperate with the criminal."

Lanterman said that does not change the fact that troves of sensitive and
personal data remain online.



"This data does not expire like a credit card. This is us," he lamented. "This
information is about us and our children, and I would strongly urge every parent
to get specialized legal advice about how they, as victims, should respond to
this."

Coldwater urges parents, staff and students not to panic, but take the threat
seriously, recommending they do the following: change the passwords of all
accounts accessed through district-owned devices, freeze credit, watch accounts
closely and use multi-factor authentication.

Federal cyber officials also offer these four critical steps everyone can take
to protect themselves online:

 1. Protect your computer by using security software. Set the software to update
    automatically so it can deal with any new security threats.
 2. Protect your mobile phone by setting software to update automatically. These
    updates could give you critical protection against security threats.
 3. Protect your accounts by using multi-factor authentication. Some accounts
    offer extra security by requiring two or more credentials to log in to your
    account. This is called multi-factor authentication. The additional
    credentials you need to log in to your account fall into two categories:
    -Something you have — like a passcode you get via an authentication app or a
    security key.
    -Something you are — like a scan of your fingerprint, your retina, or your
    face.
    Multi-factor authentication makes it harder for scammers to log in to your
    accounts if they do get your username and password.
 4. Protect your data by backing it up. Back up your data and make sure those
    backups aren't connected to your home network. You can copy your computer
    files to an external hard drive or cloud storage. Back up the data on your
    phone, too.

If you believe you've been a victim of identity theft, click here.

WCCO Staff

The WCCO Staff is a group of experienced journalists who bring you the content
on WCCO.com.

Twitter Facebook Instagram

First published on March 17, 2023 / 9:51 AM

© 2023 CBS Broadcasting Inc. All Rights Reserved.

Thanks for reading CBS NEWS.
Create your free account or log in
for more features.
Continue
Please enter email address to continue
Please enter valid email address to continue


FEATURED LOCAL SAVINGS







©2023 CBS Broadcasting Inc. All Rights Reserved.

 * Terms of Use
 * Privacy Policy
 * Manage Cookies
 * WCCO
 * News
 * Sports
 * Weather
 * Contests
 * Program Guide
 * Sitemap
 * About Us
 * Advertise
 * Paramount+
 * CBS Television Jobs
 * Public File for WCCO-TV
 * Public Inspection File Help
 * FCC Applications
 * EEO Report

 * facebook
 * twitter
 * instagram
 * youtube

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive
reporting.
Not Now Turn On


ABOUT YOUR PRIVACY




 * YOUR PRIVACY


 * ESSENTIAL


 * ANALYTIC & PERFORMANCE


 * FUNCTIONAL


 * MARKETING AND ADVERTISING


 * SOCIAL MEDIA


 * STORE AND/OR ACCESS INFORMATION ON A DEVICE


 * SELECT BASIC ADS


 * CREATE A PERSONALISED ADS PROFILE


 * SELECT PERSONALISED ADS


 * MEASURE AD PERFORMANCE


 * APPLY MARKET RESEARCH TO GENERATE AUDIENCE INSIGHTS


 * DEVELOP AND IMPROVE PRODUCTS


 * ENSURE SECURITY, PREVENT FRAUD, AND DEBUG


 * TECHNICALLY DELIVER ADS OR CONTENT

YOUR PRIVACY

We process your data to deliver content or advertisements and measure the
delivery of such content or advertisements to extract insights about our
website. We share this information with our partners on the basis of consent and
legitimate interest. You may exercise your right to consent or object to a
legitimate interest, based on a specific purpose below or at a partner level in
the link under each purpose. These choices will be signaled to our vendors
participating in the Transparency and Consent Framework.
Privacy Policy

List of IAB Vendors‎

ESSENTIAL

Always Active

These cookies are essential for the proper functioning of our Services.
Essential cookies cannot be switched off in our systems. You can set your device
to block or alert you about these cookies, but some parts of the Service will
not work.

Cookies Details‎

ANALYTIC & PERFORMANCE

Analytic & Performance Inactive


These Cookies allow us to collect information about how visitors use our
properties. Some examples include counting visits and traffic sources, so we can
measure and improve the performance of our services. If you do not allow these
Cookies we will not know when users have visited our properties and will not be
able to monitor performance.

Cookies Details‎

FUNCTIONAL

Functional Inactive


These Cookies enable the services to provide enhanced functionality and
personalization. They may be set by us or by third party providers whose
services we have added to our services. If you do not allow these Cookies then
some or all of these services may not function properly.

Cookies Details‎

MARKETING AND ADVERTISING

Marketing and Advertising Inactive


These Cookies may be set by us or through our services by our advertising
partners. They may be used by those companies to build a profile of your
interests and show you relevant advertising on this and on other properties. If
you do not allow these Cookies, you will still see ads, but you will experience
less relevant advertising.

Cookies Details‎

SOCIAL MEDIA

Social Media Inactive


These Cookies are set by a range of social media services that we have added to
the services to enable you to share our content with your friends and networks.
They are capable of tracking your browser across other sites, building up a
profile of your interests to show you relevant content and advertisements on the
relevant social networks. If you do not allow these Cookies you may not be able
to use or see these sharing tools.

Cookies Details‎

STORE AND/OR ACCESS INFORMATION ON A DEVICE

Store and/or access information on a device Inactive


Cookies, device identifiers, or other information can be stored or accessed on
your device for the purposes presented to you.

List of IAB Vendors‎ | View Full Legal Text Opens in a new Tab

SELECT BASIC ADS



Ads can be shown to you based on the content you’re viewing, the app you’re
using, your approximate location, or your device type.

Object to Legitimate Interests Remove Objection
List of IAB Vendors‎ | View Full Legal Text Opens in a new Tab

CREATE A PERSONALISED ADS PROFILE

Create a personalised ads profile Inactive


A profile can be built about you and your interests to show you personalised ads
that are relevant to you.

List of IAB Vendors‎ | View Full Legal Text Opens in a new Tab

SELECT PERSONALISED ADS

Select personalised ads Inactive


Personalised ads can be shown to you based on a profile about you.

List of IAB Vendors‎ | View Full Legal Text Opens in a new Tab

MEASURE AD PERFORMANCE



The performance and effectiveness of ads that you see or interact with can be
measured.

Object to Legitimate Interests Remove Objection
List of IAB Vendors‎ | View Full Legal Text Opens in a new Tab

APPLY MARKET RESEARCH TO GENERATE AUDIENCE INSIGHTS

Apply market research to generate audience insights Inactive


Market research can be used to learn more about the audiences who visit
sites/apps and view ads.

List of IAB Vendors‎ | View Full Legal Text Opens in a new Tab

DEVELOP AND IMPROVE PRODUCTS



Your data can be used to improve existing systems and software, and to develop
new products

Object to Legitimate Interests Remove Objection
List of IAB Vendors‎ | View Full Legal Text Opens in a new Tab

ENSURE SECURITY, PREVENT FRAUD, AND DEBUG

Always Active

Your data can be used to monitor for and prevent fraudulent activity, and ensure
systems and processes work properly and securely.

List of IAB Vendors‎ | View Full Legal Text Opens in a new Tab

TECHNICALLY DELIVER ADS OR CONTENT

Always Active

Your device can receive and send information that allows you to see and interact
with ads and content.

List of IAB Vendors‎ | View Full Legal Text Opens in a new Tab
Back Button


BACK

Filter Button
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label

 * View Third Party Cookies
    * Name
      cookie name


Clear
checkbox label label
Apply Cancel
Save Settings
Reject Accept



REVIEW AND MANAGE YOUR COOKIE SETTINGS

This website and our partners use cookies to store and access personal data such
as unique identifiers to ensure that the content is accurate, up to date and
that the website functions properly. You can control your cookie preferences at
any time through the "Manage" button. If you consent, we will use those means to
collect information about your visits for aggregated statistics to improve our
service.

For more information refer Privacy Policy.


WE AND OUR PARTNERS PROCESS DATA TO PROVIDE:

Store and/or access information on a device. Select basic ads. Create a
personalised ads profile. Select personalised ads. Measure ad performance. Apply
market research to generate audience insights. Develop and improve products.
List of Partners

Accept Reject
Manage

Manage Cookies