On May 31, the Minnesota Department of Education (MDE) experienced a cybersecurity incident in which an outsider gained access to files holding data on over 95,000 foster pupils. The Minnesota Department of Human Services transmitted the files. Other kids who were impacted comprised 124 who were eligible for Covid-19 benefits, 29 who were enrolled in PSEO classes at Minneapolis’ Hennepin Technical College, and 5 who rode a particular bus route run by Minneapolis Public Schools.
On May 31, the Minnesota Department of Education (MDE) experienced a cybersecurity incident in which an outsider gained unauthorized access to files holding data on over 95,000 foster students. The Minnesota Department of Human Services transferred the files. Other kids who were impacted included 124 who were eligible for Covid-19 benefits, 29 who were enrolled in PSEO classes at Minneapolis’ Hennepin Technical College, and 5 who rode a particular bus route run by Minneapolis Public Schools.
No banking data was compromised, although certain PSEO students’ records included transcripts containing their social security number’s last four digits. No data has been shared or uploaded online, and no ransomware demands have been made.
The Minnesota Department of Education (MDE) disclosed that they were the most recent target of a cyberattack on Friday. Data about hundreds of thousands of students, especially those in foster care, was disclosed in the attack. On May 31, MDE received notification of a flaw in their MOVEit file transfer program. Later on that day, 24 files containing data on thousands of pupils were accessed by a third party.
The files contained data on over 95,000 students who had been placed in foster care, such as their names, birthdates, and the county where they were housed. The Minnesota Department of Human Services provided the files, according to MDE, and they did not include the contact information for anyone who was impacted by the incident. The assault also contained details about 5 kids who rode a certain bus route with Minneapolis Public Schools, 29 students enrolled in PSEO classes at Minneapolis’ Hennepin Technical College, and 124 students who were eligible for COVID-19 benefits.
MDE affirmed that the data breach did not result in the acquisition of any financial data. The final 4 digits of certain students’ social security numbers were included on high school and college transcripts, though who were enrolled in PSEO classes. No information has been shared or uploaded online, and no ransomware demands have been made. Furthermore, according to MDE, no malware or viruses were uploaded to the hardware systems.
This incident has been reported to the FBI, Minnesota Bureau of Criminal Apprehension, and Office of the Legislative Auditor. In addition, MDE takes the protection of personal information extremely seriously and is aware of the potential harm that could result from unauthorized access to private information by third parties. Moreover, MDE is implementing additional security measures in collaboration with their MNIT partners to safeguard sensitive information and stop situations like this from occurring again.
There have been numerous recent attacks on educational institutions, including this most recent one. Schools and universities have been targeted by cybercriminals for a number of objectives, such as monetary gain, spying, and disturbance. Due to the abundance of personal and financial data kept on their networks, the education industry has become a top target.
In order to safeguard their networks and data, educational organizations have to treat cybersecurity seriously and put in place efficient safety precautions. Regular security audits, personnel training, and the application of cutting-edge security techniques and technology are all part of this.
The threat of cyber attacks will only rise as the educational sector continues to transition to a more digital environment. In order to stop cyberattacks from happening, educational institutions must be constantly on guard and take preventive action. Students, employees, and the institution as a whole risk serious consequences if this is not done.
The latest online assault on the Minnesota Department of Education serves as a reminder of the importance of cybersecurity in educational institutions. The event serves as an indicator of the significance of safeguarding financial and personal data because it exposed details about hundreds of thousands of learners, especially those in foster care. It is crucial that educational institutions employ robust safety precautions to safeguard their networks and data, as well as preventative security measures to stop cyberattacks from happening.
About The Author:
Yogesh Naager is a content marketer that specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blog, he’s also written for brands including CollegeDunia, Utsav Fashion, and NASSCOM. Naager entered the field of content in an unusual way. He began his career as an insurance sales executive, where he developed an interest in simplifying difficult concepts. He also combines this interest with a love of narrative, which makes him a good writer in the cybersecurity field. In the bottom line, he frequently writes for Craw Security.