Ransomware Gangs Steal Confidential Files Belonging To Children

Private documents stolen from schools and exposed online by ransomware gangs have unveiled a raw and disturbing reality. These files delve into the darkest corners of student experiences, recounting various types of unwanted attacks, psychiatric hospitalizations, abusive parents, truancy, and even suicide attempts.

Among the more than 300,000 files dumped online in March outlined various physical violations from the Minneapolis Public Schools, who refused to pay the $1 million ransom. These files, rife with intimate details, were accompanied by medical records, discrimination complaints, Social Security numbers, and personal contact information of district employees.

Schools across the nation have become prime targets for criminal hackers, drawn to the wealth of digitized data that was once confined to locked cabinets. With limited resources and pressing challenges from the pandemic and shrinking budgets, districts are ill-prepared to defend themselves or adequately respond when compromised.

Months after the Minneapolis incident, administrators have yet to fulfill their promise of informing individual victims. The exposure of personal data, including psychological records and battery cases, has far-reaching consequences. Students, staff, and parents are left traumatized, knowing their private lives have been laid bare on the internet and dark web.

The scope of these attacks is widespread, with other major districts like San Diego, Des Moines, and Tucson falling victim to data theft — yet schools have been slow to fortify their networks and implement necessary cybersecurity measures.

Ransomware attacks have already impacted over 5 million U.S. students, with attacks projected to increase this year. Nearly one in three districts had experienced a breach by the end of 2021. However, allocating funds for security remains a challenge, as parents prioritize resources for other educational needs.

Previously, ransomware strikes did not typically involve data theft, but now it has become commonplace, with stolen information being sold on the dark web. The criminals behind the Minneapolis theft were particularly bold, sharing links to stolen data on social media platforms.

In contrast, the Los Angeles Unified attack resulted in leaked financial records, personnel files, and scanned identification documents. The consequences of these breaches extend beyond financial losses or school closures. The urgency to address these vulnerabilities has never been greater, as the privacy and safety of students and staff remain at stake.