The Minnesota Department of Education says some personal information of 95,000 students was accessed as part of a data breach from a global cyber-security attack.
The breach involved computer file transfer software called MOVEit that is used to encrypt and transfer data and is used by companies and government agencies. State officials learned on May 31 the software was vulnerable and had been accessed by an outside group so they moved the same day to protect the files.
The state’s investigation found 24 files from the state departments of education and human services were affected. They contained data from children in foster care, the Minneapolis and Perham school districts and Hennepin Technical College.
Data from about 95,000 students placed in foster care across the state were accessed including information about demographics, dates of birth and the counties where they are placed.
The students affected include 124 in the Perham district who qualified for pandemic electronic benefit transfers and 29 high school students taking classes at Hennepin Technical College. The student data access included names, addresses, dates of birth and other information.
Additionally, the names of five students on a particular Minneapolis bus route were disclosed.
State education officials say they are working to notify the people who had their data accessed. No financial information was included in the breach.
Education officials say they’ve added data security and notified state and federal law enforcement. They encourage anyone impacted by the breach to monitor their credit through free annual reports.
“We understand that third parties illegally accessing private data can have negative consequences for those whose data was accessed,” the department said in a statement.
More information is available on the education department website at: education.mn.gov/MDE/about/breach/