The 74’s Mark Keierleber to Appear on PBS Friday to Talk MN School Data Breach

Help fund stories like this. Donate now!

The 74’s investigative reporter Mark Keierleber, who has broken news about the leak of sensitive student data on the dark web, will be discussing the latest cyber threat to Minneapolis Public Schools on Twin Cities PBS’s Almanac news show Friday.

The 7 p.m. Central show will air after a countdown clock on the Medusa cyber gang’s dark web leak site strikes zero at about 4 a.m. ET Friday. The leak site suggests the Minneapolis school district’s window to meet a $1 million ransom demand will then close and a trove of district data, which appears to include a significant volume of sensitive student and educator records, will become available online.

The 74’s earlier reporting documented that Medusa’s tactics, which included posting a since-removed video previewing what appeared to be the stolen documents in its possession, were more aggressive and more marketing-savvy than those generally seen in other school district cyber attacks. 

A preliminary review of the gang’s dark web leak site by The 74 suggest the compromised files include a sizable volume of sensitive documents, including records related to student sexual violence allegations, district finances, student discipline, special education, civil rights investigations, student maltreatment and sex offender notifications.

The Minneapolis Public Schools, which came under fire for referring to the February breach as an “encryption event,” has not released any additional information since a March 9 statement posted on its web site. In it, school leaders indicate they don’t intend to deal with Medusa to get their now-encrypted data back.

“We have taken a stance against these criminals and are restoring our systems without the need to cooperate with them. As our response continues, we continue to work with and align with the best practices provided by federal law enforcement.”

Medusa is apparently a popular name among threat actors. The group that struck Minneapolis schools, according to the tech blog, Bleeping Computer,  got its start in June 2021, but upped its profile this year by increasing its ransomware activity and launching its ‘Medusa Blog’ leak site to publish victims’ data.

A ransomware gang called Vice Society attempted to extort the Los Angeles Unified School District last year after it broke into the district’s computer network and made off with some 500 gigabytes of district files. When the district refused to pay an undisclosed ransom, Vice Society uploaded the records to its dark web leak site. 

District officials sought to downplay the attack’s effects on students. But an investigation by The 74 found thousands of students’ comprehensive and highly sensitive mental health records had been exposed. The district then acknowledged Feb. 22 that some 2,000 student psychological assessments — including those of 60 current students — had been leaked.

Help fund stories like this. Donate now!