This page will be updated regularly with information regarding our investigation into the encryption event MPS experienced.
español Soomaali Hmoob
MPS is aware that the threat actor has released certain MPS data on the dark web today, a part of the internet accessible only with special software that allows users to remain untraceable. We are working with cybersecurity specialists to quickly and securely download the data so that we can conduct an in-depth and comprehensive review to determine the full scope of what personal information was impacted and to whom the information relates. This will take some time. You will be contacted directly by MPS if our review indicates that your personal information has been impacted.
Process and Timing for Contacting Impacted Individuals
MPS has completed a review of the data posted on Tuesday, March 7 and will be directly contacting individuals whose information was accessible as a result of this event. You will receive both an email and a mailed letter to ensure communication is completed. We are offering all potentially affected individuals free credit monitoring and identity protection services through Experian.
Continued Steps to Protect Yourself
Please understand that MPS continues to provide information to the public as we learn and discover more. MPS has taken a stance against these criminals and has fully restored our systems without the need to cooperate with the criminal. As our response continues, we continue to work with and align with the best practices provided by federal law enforcement.
Thank you for your continued support of the MPS community.
Interim Superintendent Cox’s opening remarks at the March 14, 2023, MPS Regular Meeting of the Board of Education:
First, I want to echo Chair El-Amin’s words of both gratitude to everyone working constantly to support MPS through the IT incident, and for the frustration and anger that this is where our collective time, energy, and resources must be dedicated and focused, instead of on supporting our students.
As we now know, the MPS network was infected with an encryption virus that was first discovered on Saturday, Feb. 18.
We promptly notified all staff and engaged third-party forensic IT specialists to assess the scope and nature of the event, and to assist us in restoring systems from our secure backups. This process is ongoing.
Thankfully, due to the efforts of the MPS IT team and their planning, as well as our secure backups, MPS was able to restore many of its systems.
Let me say that again – we were able to become functional much more quickly than some of the other school districts who have been violated in this way. That’s because our IT team has worked non-stop and because we had reliable backup records to which we could turn to.
Nevertheless, the criminals behind this effort have been able to access and publicly share some MPS data. Importantly, MPS still has not found any evidence that any data accessed has been used to commit fraud.
I know it’s hard for the MPS community to not yet know if each person’s individual data has been accessed.
MPS data that we know was shared and potentially accessed is currently undergoing an in-depth and comprehensive review – and this takes time.
I can tell you that not every employee, student, or constituent will have had their data accessed as a result of this event.
To date, the vast majority of the messages we have received thus far indicate only standard phishing attempts unrelated to MPS’s recent system encryption: emails or texts about locked Amazon accounts, locked Netflix accounts, false invoices, free giveaways, spam calls and texts.
As much as we would all like the data review to happen overnight, the process will take time and must be accurate. We have a team of both internal and external specialists working on this.
Individuals will be contacted directly by MPS if this review indicates your personal information has been impacted. Impacted individuals will be provided with free credit monitoring and identity protection services.
MPS has created a webpage with an overview of all the updates we’ve provided over the past couple of weeks, as well as information on how to protect your personal information.
While our team, in partnership with contracted specialists, are working around the clock to recover from this issue and focus on providing the notifications, I also call on policymakers and leaders to take swift and comprehensive action on a federal response to the growing number of these types of events.
While we will keep doing everything in our power to prevent and respond to these sort of events, districts, cities, and other public entities need support and expertise—both preventative and in response to these sorts of things.
Please continue to take the recommended steps to protect yourself. We will provide updates if new information is discovered.
The following information is an update to our Tuesday, Mar. 7 message regarding the encryption event that impacted MPS.
Please note that this information and regular updates will now be available on this MPS webpage for easy access in the future.
Since our last update, MPS has continued to restore functionality to our network and systems with the assistance of our third-party forensic IT specialists. These specialists have been conducting an investigation to determine the nature and scope of the incident, and they continue to assist MPS in monitoring our systems through advanced endpoint detection and response tools, including Carbon Black. We are also working to further enhance the security of MPS systems by reviewing our policies and procedures.
As we noted in Tuesday’s message, we have learned that MPS data, including some private information, was accessed and shared publicly. While our investigation and system restoration is ongoing, MPS has not found any evidence that any data accessed has been used to commit fraud.
MPS data that was shared and potentially accessed is currently undergoing an in-depth and comprehensive review. This will take some time and individuals will be contacted directly by MPS if this review indicates personal information has been impacted.
Individuals whose legally protected personal information has been accessed will be provided with free credit monitoring and identity protection services.
We continue to caution you about receiving, interacting with, or responding to any suspicious emails or phone calls from someone you don’t know. Be aware of possible phishing events and other potential scams. We continue to direct all individuals to the resources available on the MPS website related to these types of events - Safe Data Practices. If you receive any threats or suspicious messages, report them to privacy@mpls.k12.mn.us.
We continue to recommend that all passwords for any online personal accounts that you may have accessed on MPS devices should be changed. Steps for that and other safety measures can be found to the right on this page.
We strongly advise against downloading or sharing any information accessed and shared by the threat actor. This further impacts the community and puts individuals’ information at risk. Further publication of and passing around of such information plays into the criminal’s objectives.
MPS is committed to continuing to provide information as we learn and discover more. We have taken a stance against these criminals and are restoring our systems without the need to cooperate with them. As our response continues, we continue to work with and align with the best practices provided by federal law enforcement.
Dear MPS Community:
We want you to know that the threat actor who has claimed responsibility for MPS’s recent encryption event has apparently posted online some of the data they accessed from MPS.
This action has been reported to law enforcement, and we are working with IT specialists to review the data in order to contact impacted individuals. We are also working with the online host company to get the information removed as quickly as possible.
We want to caution you again about receiving, interacting with, or responding to any suspicious emails or phone calls from someone you do not know related to this event. Be aware of possible phishing events and other potential scams. If you receive any of these threats or suspicious messages, report it to privacy@mpls.k12.mn.us.
Additionally, we continue to recommend changing all passwords for any online personal accounts that you may have accessed on MPS devices. Thank you for supporting the MPS community.
We wanted to take the time to update you regarding our investigation into the encryption event we experienced, and to thank our IT Team for their tireless work restoring many systems over many long nights and weekends.
As many of you know, our network was infected with an encryption virus. We promptly engaged third-party computer specialists to assess the scope and nature of the event, and to assist us in securely restoring systems from our secure backups. This process is largely completed, and we thank all of you for your patience while some systems and applications were inaccessible.
Thankfully, due to the efforts of the MPS IT team and plan, as well as our secure backups, MPS was able to restore many of its systems. The ongoing investigation has determined that an unauthorized threat actor may have been able to access certain data located within the MPS environment.
Please note, MPS has not paid a ransom to the threat actors and the investigation has not found any evidence that any data accessed has been used to commit fraud. However, if the ongoing investigation indicates that personal information has been impacted, the impacted individuals will be notified immediately.
The threat actors may contact employees or staff in an attempt to coerce MPS to pay a ransom.
We want to caution you about receiving, interacting with, or responding to any suspicious emails or phone calls from someone you do not know related to this event. Be aware of possible phishing events and other potential scams. If you receive any of these threats or suspicious messages, report it to privacy@mpls.k12.mn.us. MPS is working with law enforcement and will continue to cooperate with authorities as their investigation continues.
We want to remind you again that as a best practice and out of an abundance of caution, all passwords for any online personal accounts that you may have accessed on MPS devices should be changed. Steps for doing this are outlined to the right on this page.
We thank you all for your patience and understanding and we remain available should you have any questions or concerns. MPS continues working toward full restoration of our systems. By working together, we can help protect ourselves and our organization from any future attacks.
Many systems are up and running now at Minneapolis Public Schools as both staff and students receive and update passwords. We expected the process to take more than one day and are grateful to school staff for guiding students while also moving lessons forward. We will evaluate tomorrow whether after-school activities can be held.
Our investigation into the cause of this event is ongoing and we hope to share more information as we learn more.
As you are aware, MPS recently began experiencing technical difficulties affecting the operability of certain computer systems. We apologize for the inconvenience and concern this has caused our community. MPS staff are working around the clock with third-party (non-MPS) IT specialists to investigate the source of this disruption, confirm its impact on our systems, and restore full functionality to everyone as soon as possible.
The good news is that we are able to restore the impacted data from viable backups that MPS had in place prior to the event. This means that no data will be lost due to this incident.
In order to further secure our systems, MPS deployed an advanced endpoint detection response tool to necessary endpoints. In layperson’s terms, think of this as a virus alert system that ensures you can continue using your MPS device safely and securely.
We have also updated relevant passwords, implemented additional multi-factor authentication where possible and are working with a third-party specialist to monitor our network. As part of our ongoing investigation, we are assessing measures already in place to protect the integrity of our systems and will continue to work to enhance these protections.
The confidentiality, privacy, and security of your information in our care is among our highest priorities. We remain committed to safeguarding the information in our care and will continue to take steps to ensure the security of our systems.
Last night, there was a system incident that has impacted many MPS systems.
MPS IT Teams are currently working with our partners on determining scope and restoring services as quickly as possible.
Thank you, MPS IT Services
In addition to the changes to our work passwords, we would encourage employees to consider changing passwords for accounts you may regularly access from work computers, such as Gmail, Amazon, Facebook, or your personal bank or credit card accounts, and any other passwords that you have not changed recently. We also encourage implementation of multi-factor/two-factor authentication whenever possible. Also, as many people often use the same password for many accounts, we are also encouraging you to take this opportunity to change the passwords for any personal accounts which would share the same or similar credentials as other accounts, including accounts accessed from company devices.
Be mindful that any email you receive may be fraudulent, and could come from a criminal. Always think twice before opening any attachments or clicking on links that you are not expecting to receive. If you see anything suspicious, please do not access it, and let our IT department know immediately. That includes any messages to your work email account, as well as personal accounts.
We encourage all employees to monitor your bank, credit card and other financial accounts for any suspicious activity, and to consider placing freezes or holds when appropriate.
You should also monitor your credit report for any suspicious activity. Under U.S. law, a consumer is entitled to one free credit report annually from each of the three major credit reporting bureaus, Equifax, Experian, and TransUnion. To order your free credit report, visit www.annualcreditreport.com or call, toll-free, 1-877-322-8228. You may also directly contact the three major credit reporting bureaus listed below to request a free copy of your credit report.
Consumers have the right to place an initial or extended “fraud alert” on a credit file at no cost. Should you wish to place a fraud alert, please contact any one of the three major credit reporting bureaus listed below.
As an alternative to a fraud alert, consumers have the right to place a “credit freeze” on a credit report, which will prohibit a credit bureau from releasing information in the credit report without the consumer’s express authorization. The credit freeze is designed to prevent credit, loans, and services from being approved in your name without your consent. However, you should be aware that using a credit freeze to take control over who gets access to the personal and financial information in your credit report may delay, interfere with, or prohibit the timely approval of any subsequent request or application you make regarding a new loan, credit, mortgage, or any other account involving the extension of credit.
Pursuant to federal law, you cannot be charged to place or lift a credit freeze on your credit report. To request a security freeze, you may need to provide some or all of the following information:
Should you wish to place a credit freeze or fraud alert, please contact the three major credit reporting bureaus listed below: