After hacking the Minneapolis public school system in March, a ransomware gang proceeded this week to leak students’ personal information to the web. Included in the tranche were the usual deluge of personal data points—including students’ birthdays and social security numbers. But NBC, which reviewed the leaks, now reports that the trove also contained far more sensitive information, including the mental health records of students and even documents detailing allegations of abuse against members of the district’s staff.
The Minneapolis Public Schools district, which is K-12, serves some 29,000 students and encompasses dozens of schools. The gang behind the hack on the district—which calls itself “Medusa”—has unleashed a torrent of some 200,000 files stolen from its servers, including a number of “databases” cataloguing incidents of students exhibiting behavioral issues. In said databases, students are identified via a number of markers, including ID number, ethnicity, and the school that they attend.
Additionally, the hackers have also leaked sensitive portfolios of information on “hundreds” of children with special needs. NBC reports that the documents include “pages of details about students, including problems at home like divorcing or incarcerated parents, conditions like Attention Deficit Disorder, documented indications where they appear to have been injured, results of intelligence tests and what medications they take.”
Finally, the leaks also appear to contain documents detailing allegations of abuse by certain district staff. In at least one case, NBC reports that documents show a special education student alleged that they suffered sexual abuse at the hands of a district school bus driver. A man with the same name as the one listed in the report is shown to have been arrested by police, the news outlet writes. In the reports alleging assault or abuse, the accusing student’s name, date of birth, and address are all present in the data.
NBC has noted that it was not able to independently verify the leaks.
Medusa has published the documents to a number of different websites in a campaign that has been characterized as exceptionally aggressive, NBC reports. Typical of ransomware gangs, Medusa has posted the material to a “leak site”—a site used to goad hacking victims into paying a ransom via strategic leaks. But the gang has also distributed the material via more traditional channels, using sites like Twitter, Facebook, and Telegram to bring more visibility and notoriety to the leaks.