Minnesota Department of Education Falls Victim to MOVEit Data Breach


The Minnesota Department of Education (MDE) disclosed on Friday that it has been targeted in an extensive data breach linked to the recent MOVEit cyber security attack, resulting in the hacking of certain departmental files.

On the 7th of June, a joint advisory was issued by the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) regarding this cyber attack. The cyber security firm Censys has reported that over 3,000 hosts might have been compromised as part of the attack, including Fortune 500 companies and state and federal agencies. Along with the Minnesota Department of Education, the BBC, Boots, British Airways, and the Nova Scotia government have also confirmed data thefts as a result of this attack. The FBI and CISA have identified the Russian-speaking ransomware gang Clop as the culprits behind the attack. Though no ransom demand has been received by the MDE to date, Clop have left an open ransom demand on the dark web to all businesses that have been exposed in the MOVEit attack.

In a swift response to the situation, the department has taken decisive action. The Minnesota Department of Education Communications Director, Kevin Burns, shared, “We found out about this breach and we reacted to the breach almost simultaneously. We immediately closed the vulnerability using the company-provided tools and commenced planning how to analyse the data, notify the people impacted, and how to do this as quickly as possible.”

This is not the first time that Minnesota’s educational establishments have been hit by such breaches. This incident marks the fourth such breach this academic year. Previously, three of the state’s largest school districts—Elk River, Minneapolis, and Rochester—all experienced ransomware attacks. These attacks resulted in the exposure of sensitive information such as detailed sexual assault reports, psychological reports, and school security maps, with many Minneapolis Public Schools families only learning about the breach through investigative reporting.

During its Friday announcement, the Minnesota Department of Education stated that 24 agency files were stolen during the attack, four of which contained personal data. These files included the names, dates of birth, and placement county of 95,000 students in foster care, as well as information on students from Perham–Dent Public Schools, Hennepin Technical College (including Parent/Guardian names), and a specific Minneapolis Public Schools bus route.

The Minnesota Department of Education has confirmed that the data breach began on 27th May, with its files accessed on the 31st of May. In response, the department, along with the state’s IT department, “took immediate steps to prevent any further unauthorised access and to ensure the safety and security of their data.”

Despite assurances from the ransomware gang that government data is safe, the cyber security industry remains sceptical, warning that the data could still be sold or used in phishing schemes, even if no extortion attempts are made. The Minnesota Department of Education has confirmed that no financial data was accessed during the hack but advises those who may have been affected to take precautionary measures, including credit report monitoring. Recently the city of Dallas suffered a ransomware attack which potentially exposed the data of 12,000 employees. Whilst the city has not found proof that the information has been leaked on the dark web, all of the affected employees exposed in the Dallas attack have now been offered free credit monitoring. The Minnesota Department of Education has recommended a free credit report, which it has linked to on its website.

The Minnesota Department of Education is currently in the process of contacting the affected individuals, with the exception of the 95,000 foster children, for whom the department has stated it does not have contact information. Further information and advice has been provided on the department’s website and through media channels, as mandated by state law.

At One2Call we provide a range of IT Support & Cyber Security Services to Schools, Trusts & Academies throughout the UK. We work with them to ensure that their most critical data stays safe and secure from potential attack through the use of services such as Active Email Threat Protection, Endpoint Detection & Response, Dark Web Monitoring, Immutable Data Backups and much more besides. Our comprehensive Cyber Security Assessment form covers all of the essential pillars of a comprehensive Cyber Security solution for your School or Business. Click the link below to download it and see if your business is Cyber Secure.
