Ransomware attacks have long plagued governments and the energy sector, and now these criminals found a new target — schools. This resulted in thousands of confidential records concerning the most private student matters being dumped online.
Graphic accounts of assaults, hospitalizations and even suicide attempts were laid bare for anyone to see.
Minneapolis Public Schools fell victim to this activity in March when the system refused to fork over a $1 million ransom. This led to 300,000 confidential files being made public.
The confidential documents stolen from schools and dumped online by ransomware gangs are raw, intimate and graphic. They describe student sexual assaults, psychiatric hospitalizations, abusive parents, truancy — even suicide attempts. https://t.co/QIJtbkAB0u
— FOX 9 (@FOX9) July 5, 2023
One student begged officials to “please do something” in one of the exposed documents after repeatedly encountering an ex-attacker at a local school.
These hackers, who strike from around the globe, show no hesitation in posting medical records, Social Security numbers and private employee information. Materials that were once kept in locked cabinets are now just a mouse click away from being compromised.
And targeted districts have little defense or preparation for dealing with such an incident.
For example, the Minneapolis system has yet to complete their promise of informing individual victims of the hacking that their information was exposed. The Associated Press reached out to six families who had children’s data on personal attacks posted online after the March incident.
Each family said it was the first time they had heard from anyone about the case.
Last Labor Day weekend, the Los Angeles Unified School District was hit with a ransomware attack that exposed private data on over 1,900 students. This sensitive information included psychological evaluations and medical records that were posted online.
It took until February for system officials to admit the scope of the breach. Meanwhile, the AP found many of the private records — some were decades old — on the open internet and the dark web.
Other districts in Iowa and Arizona have also been hit with ransomware attacks.
Many are strapped for funding and utilize antiquated data systems to store digitized records. These are low-hanging fruit for hackers, who apparently have found only one target too low for their schemes.
Recently SickKids, a teaching and research hospital in Toronto that helps ailing children, came under attack from the LockBit ransomware gang. The outfit quickly apologized, provided a free decryptor to release the facility’s computers and disciplined the responsible criminal.
School systems, however, remain fair game.