Minnesota Department of Education impacted by global data breach

The state’s education department announced Friday that one of its servers was affected by a global cybersecurity attack last week. According to the Minnesota Department of Education (MDE), the breach targeted MOVEit software, a popular software used by many companies and government agencies.

Minnesota IT Services (MNIT) learned of the breach on May 31, the same day MDE files on a MOVEit server were accessed. The departments say both MDE and MNIT took immediate steps to protect their data, and officials started to investigate and assess the impact of the breach.

For additional information, visit https://education.mn.gov/MDE/about/breach/

“MDE takes data privacy very seriously. We understand that third parties illegally accessing private data can have negative consequences for those whose data was accessed,” the department said in a statement announcing the breach. “Working with our MNIT partners, MDE is adding additional security measures to protect private data and prevent instances like this from happening in the future.”

MDE says an initial investigation found that 24 of its files were accessed during the data breach. Those files included data that was transferred from the Minnesota Department of Human Services to MDE due to state and federal reporting requirements, as well as files from the Minneapolis and Perham school districts and Hennepin Technical College.

The department says the accessed files had the names of around 95,000 students placed in foster care around the state, 124 Perham students who qualified for Pandemic Electronic Benefits Transfer (P-EBT), 29 students who were taking post-secondary classes at Hennepin Technical College in Minneapolis and five students who were on a specific Minneapolis Public Schools bus route.

The information on the foster care students included demographic data, dates of birth and county of placement; the P-EBT files had demographic data, birth dates and some addresses and names of parents or guardians; the post-secondary data included similar data, plus some high school and college transcript information that contained the last four digits of students’ social security numbers; the MPS bus route data contained only the names of five children but no other information, MDE says.

MDE added that no financial information was included in any of the files affected by the data breach and the department is working to notify anyone whose data was accessed. The department added that it hasn’t received any ransom demands, seen the data shared anywhere online or found any virus or other malware since the breach.

However, officials still recommend anyone who may have been impacted by the breach to take precautionary measures, such as monitoring personal credit reports.

The department also has more information and resources for anyone who might’ve been affected online.

The FBI, Minnesota Bureau of Criminal Apprehension and Office of the Legislative Auditor have all been notified of the breach, according to MDE.

This story was used with permision from KSTP 5Eyewitness News.