Introduction
On June 9, 2023, the Minnesota Department of Education (MDE) announced that it had been the victim of a data breach. The breach exposed the personal information of over 1 million Minnesotans, including students, parents, and educators.
What Happened
The breach was caused by a cyberattack on the MDE's MOVEit file transfer service. MOVEit is a software platform that allows users to securely transfer files between different computers and servers. The cyberattack exploited a vulnerability in the MOVEit software that allowed hackers to gain unauthorized access to the MDE's data server.
The data that was exposed in the breach includes:
Student names, birthdates, and social security numbers
Parent names and contact information
Educator names and contact information
Educational records, including test scores and grades
Medical information, including immunization records
How It Happened
The cyberattack on the MDE's MOVEit file transfer service was carried out by a group of cybercriminals known as the C10p ransomware gang. The C10p ransomware gang is a Russian-speaking group that is known for targeting government agencies and educational institutions.
The C10p ransomware gang first gained access to the MDE's MOVEit file transfer service by exploiting a vulnerability in the software. Once they had access to the server, they were able to download a large amount of data, including student, parent, and educator records.
The C10p ransomware gang then encrypted the data on the server and demanded a ransom payment of $1 million in order to decrypt the data and prevent it from being released to the public. The MDE refused to pay the ransom, and the data was eventually released to the public.
Impact of the Breach
The Minnesota Department of Education data breach has had a significant impact on the state's education system. The breach has caused widespread anxiety among parents and educators, and it has raised concerns about the security of student data.
The breach has also had a financial impact on the MDE. The MDE has had to spend millions of dollars to investigate the breach and to implement new security measures.
Recommendations
The Minnesota Department of Education data breach is a reminder of the importance of cybersecurity. In order to protect student data, educational institutions should:
Use strong passwords and two-factor authentication
Keep software up to date
Back up data regularly
Be aware of the latest cybersecurity threats
Conclusion
The Minnesota Department of Education data breach is a serious incident that has had a significant impact on the state's education system. The breach is a reminder of the importance of cybersecurity, and it is important for educational institutions to take steps to protect student data.
