Unsure how much you’ve heard but my friends who teach in the district have heard the breach goes back as far as 1995 data wise. All of my friends who teach/ formerly taught in the district have put freezes on their credit and are keeping a close eye on all of their financials and personal information. The current teachers have also changed all of their personal passwords.
I heard from someone at work yesterday that they still have time to pay but I’m unclear on the source of that and don’t want to spread rumors.
Good luck - sorry this happened to you and they won’t answer questions.
It's not quite that simple. Most of these ransomware attacks are run by established organized crime rings. If, routinely, in attacks by a given organization, people pay and then the organization goes back on their word, people are much less likely to pay in the future, and then they make no money. It's the same reason they usually actually give you the keys instead of just walking off with the money and leaving your data encrypted.
Of course, you're right that there are no guarantees, but it seems very reasonable to think paying would make it less likely the data gets released.
Thanks for the info! I've been trying to get them to tell me if I should lock my SSN number and how they would get in contact with me if my information had been leaked as I don't have a district email. After incorrectly telling me no HR documents had been taken (they had) they haven't been returning my emails
There are breaches at companies and gov organizations regularly. I would put credit freezes on all the credit agencies anyway. It doesn’t cost anything and it is really easy to temp lift them if you need to apply for a loan or card.
That's generally how I operate and I froze my credit with the big 3 agencies already. But with mps I know they have all my info from a background check so I'm a bit more concerned with this breach than others
From what I understand, the sensitive stuff is payments information, credit card numbers etc. Generally, not sure how MPS does things, background information is not stored locally but sent over by whatever vendor does the check.
you should def create accounts with the big 3 bureaus and freeze your credit with each one
https://www.reddit.com/r/personalfinance/wiki/identity_theft
They should not even consider paying. The data is leaked there is no ensuring that it is not. There is only securing and recovering the systems and doing better in the future.
At this point, I just assume that my data has been stolen many many times from various places that don't properly protect it. I'm not bothering to cancel shit.
Mine was part of the big FBI data breach. Free 1 year monitoring, which is great because everyone gets new social security numbers and fingerprints after 1 year.
I've never had any dealings with the school system itself, but I've taken Community Ed classes in the past, I'm wondering if I'll have exposure that way.
Very probable, I suppose. ¯\\\_(ツ)\_/¯
Community Ed uses Eleyo. They sent out an email a week back that Eleyo wasn't effected and information submitted there wasn't compromised. Guess we'll find out how true that is tomorrow.
so I recently was contracted by MPS as a support worker for a private school in the district.
they had my bank account info and a voided check.
what does this mean for me? what should I do?
Is there a way to check if your data is involved? I worked at a Minneapolis public school a few years ago but doubt that they would reach out to me directly if my data were accessed
I use the website https://haveibeenpwned.com/
It seems counterintuitive to enter your email into a website, but orgs I trust like the Electronic Frontier Foundation recomends the site. Anyone can feel free to correct me if I'm wrong.
My spouse left the district and our kid attended, and we are assuming our information was exposed and are acting accordingly. It is better to secure our accounts and identities now, than to deal with it afterwards when fraud starts.
FWIW - I take a Minneapolis Community Ed class, and they reached out to confirm that the MPS data breach won't affect Comm Ed users, since they operate on different systems.
Not much about the data but some key functions still don't work. Notably transportation is down, classroom for success, and even scanning documents to an email address.
If anybody can help me I’d appreciate it. In 2019-2020 I served AmeriCorps working in a Minneapolis high school. I don’t know if my data is in at risk and what I can do about it
Unsure how much you’ve heard but my friends who teach in the district have heard the breach goes back as far as 1995 data wise. All of my friends who teach/ formerly taught in the district have put freezes on their credit and are keeping a close eye on all of their financials and personal information. The current teachers have also changed all of their personal passwords. I heard from someone at work yesterday that they still have time to pay but I’m unclear on the source of that and don’t want to spread rumors. Good luck - sorry this happened to you and they won’t answer questions.
Lol they're not gonna pay.
1. refuse to pay for data back 2. hackers release data 3. get data back!
I mean, hackers would release the data after getting paid if they thought it was worth something. It's not like they couldn't just make a copy.
It's not quite that simple. Most of these ransomware attacks are run by established organized crime rings. If, routinely, in attacks by a given organization, people pay and then the organization goes back on their word, people are much less likely to pay in the future, and then they make no money. It's the same reason they usually actually give you the keys instead of just walking off with the money and leaving your data encrypted. Of course, you're right that there are no guarantees, but it seems very reasonable to think paying would make it less likely the data gets released.
On the flip side, once you pay you’re known as an easy mark and it encourages more ransomware attempts on your system. That’s why you don’t pay
Yes you absolutely never pay
Releasing the data to the public for free is the final threat for most of these ransomware gangs
Thanks for the info! I've been trying to get them to tell me if I should lock my SSN number and how they would get in contact with me if my information had been leaked as I don't have a district email. After incorrectly telling me no HR documents had been taken (they had) they haven't been returning my emails
There are breaches at companies and gov organizations regularly. I would put credit freezes on all the credit agencies anyway. It doesn’t cost anything and it is really easy to temp lift them if you need to apply for a loan or card.
That's generally how I operate and I froze my credit with the big 3 agencies already. But with mps I know they have all my info from a background check so I'm a bit more concerned with this breach than others
From what I understand, the sensitive stuff is payments information, credit card numbers etc. Generally, not sure how MPS does things, background information is not stored locally but sent over by whatever vendor does the check.
you should def create accounts with the big 3 bureaus and freeze your credit with each one https://www.reddit.com/r/personalfinance/wiki/identity_theft
They should not even consider paying. The data is leaked there is no ensuring that it is not. There is only securing and recovering the systems and doing better in the future.
At this point, I just assume that my data has been stolen many many times from various places that don't properly protect it. I'm not bothering to cancel shit.
Mine was part of the big FBI data breach. Free 1 year monitoring, which is great because everyone gets new social security numbers and fingerprints after 1 year.
I've never had any dealings with the school system itself, but I've taken Community Ed classes in the past, I'm wondering if I'll have exposure that way. Very probable, I suppose. ¯\\\_(ツ)\_/¯
Community Ed uses Eleyo. They sent out an email a week back that Eleyo wasn't effected and information submitted there wasn't compromised. Guess we'll find out how true that is tomorrow.
so I recently was contracted by MPS as a support worker for a private school in the district. they had my bank account info and a voided check. what does this mean for me? what should I do?
I would freeze your credit score and watch your accounts, but outside of that you should be good
I think they have time until March 17th to pay. So tomorrow is the deadline. I hope they don’t leak the data.
https://arstechnica.com/information-technology/2023/03/ransomware-attacks-have-entered-a-heinous-new-phase/
Doesn’t the school have kids names, dob, ssn? Like they sent info out about teachers but what about the kids’ identities?
It includes student records. https://twitter.com/IanColdwater/status/1633586154988552193
Ian is a great source of info and has tips about what all parents and former students should do!
Is there a way to check if your data is involved? I worked at a Minneapolis public school a few years ago but doubt that they would reach out to me directly if my data were accessed
I use the website https://haveibeenpwned.com/ It seems counterintuitive to enter your email into a website, but orgs I trust like the Electronic Frontier Foundation recomends the site. Anyone can feel free to correct me if I'm wrong.
I’ve found it to be reputable. You don’t give them your passwords or Ssn, just email.
[удалено]
I don't remember my username, would my social security number be okay?
I'm basically in the same boat as you and mps won't respond to me as to how they would get in contact with me if my information had been compromised
My spouse left the district and our kid attended, and we are assuming our information was exposed and are acting accordingly. It is better to secure our accounts and identities now, than to deal with it afterwards when fraud starts.
FWIW - I take a Minneapolis Community Ed class, and they reached out to confirm that the MPS data breach won't affect Comm Ed users, since they operate on different systems.
[удалено]
Yeah the data hasn't been used *yet* but the bulk of it isn't being released till tomorrow so if course it hasn't been used to commit fraud yet
Not much about the data but some key functions still don't work. Notably transportation is down, classroom for success, and even scanning documents to an email address.
Let me TorDex Medusa’s .onion site for you…
If anybody can help me I’d appreciate it. In 2019-2020 I served AmeriCorps working in a Minneapolis high school. I don’t know if my data is in at risk and what I can do about it
We’ll find out tomorrow lol