Medusa Leaked Minneapolis Students’ #Psychological; Sexual assault Report
Medusa leaked student data to the web. This included a regular surge of personal data points—including students’ birthdays and social security numbers.
However, NBC reports comprised far more sensitive information, containing students’ mental health records and records detailing allegations of abuse against associates of the district’s staff.
Medusa Takes Responsibility
The Minneapolis Public Schools district, which is K-12, serves some 29,000 students and includes dozens of schools. The threat actors behind the hack on the district—Medusa— unleashed a torrent of some 200,000 files it stole from the school’s servers, incorporating several databases cataloging the events of students exhibiting behavioral issues.
In the databases, students are identified via several markers, possessing an ID number, ethnicity, and the school that they attend. Medusa also leaked sensitive data portfolios on hundreds of children with special essentials.
NBC reported that copies contained pages of details about students, fitting home issues like divorcing or incarcerated parents, ailments like Attention Deficit Disorder, results of intelligence tests, and what prescriptions they take.
Alleged Sexual Reports Leaks
Details of allegations of abuse by specific district staff were in the leaks. As per NBC, a special education student alleged that they experienced sexual abuse at the hands of a district school bus driver.
The police apprehended the alleged abuser. In addition to the name of the alleged offender, the document contained the student’s name, date of birth, and address are all presented in the data.
Medusa published the documents to several websites in a campaign that it portrayed as extremely aggressive Medusa has posted the material to a “leak site”—a site used to urge hacking targets into paying a ransom via strategic leaks.
In other news, America’s latest legal organization confirmed a hacker stole 1.5 million American Bar Association account usernames and passwords in March.
The cyber security breach of ABA’s network impacted accounts data used to gain entry into the association’s pre-2018 website and the career center website.
