
We are MPS. At MPS, we work every day to provide our students an inclusive education, a supportive community and lifelong learning. There’s a place where everyone belongs in MPS, regardless of what you look like, what language you speak, how you pray or who you love. MPS teachers know more than your name—we know how to help you grow and achieve, wherever you are on your academic journey. We create experiences where you feel challenged and free to explore the world. Our students break the mold, and we celebrate that. STRONG SCHOOLS REFLECT STRONG COMMUNITIES Minneapolis Public Schools provide excellent Community Schools and now, centrally located Magnet School options, closer to home. We are central to every neighborhood and community. With more than 70 schools across the city, MPS is woven into the fabric of Minneapolis. INCLUSIVE EDUCATION SUPPORTIVE COMMUNITY LIFELONG LEARNING Terms of use at https://mpls.k12.mn.us/accessibility.

Minneapolis Public Schools A.I CyberSecurity Scoring

MPS

Company Details

LinkedIn ID: minneapolis-public-schools
Employees number: 6,301
Number of followers: 17,099
NAICS: 92311
Industry Type: Education Administration Programs
Homepage: mpschools.org
IP Addresses: 0
Company ID: MIN_2556321
Scan Status: In-progress

MPS Risk Score (AI oriented)

Between 0 and 549

  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers TPRM score to calculate premium
MPS Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

MPS Company CyberSecurity News & History

Past Incidents
3
Attack Types
1

Minneapolis Public Schools
Ransomware
Severity: 100
Impact: 4
Seen: 3/2025
Rankiteo Explanation: Attack with significant impact with customer data leaks

Description: The Medusa ransomware gang targeted Minneapolis Public Schools, compromising sensitive student data and affecting over 100,000 individuals. This security breach resulted in the exposure of a substantial amount of personal information, leading to heightened concern amongst students, parents, and staff. The incident highlights the vulnerability of educational institutions to cyber attacks and the potential for significant disruption and long-term reputational damage.

Minneapolis Public Schools: CISA: Medusa ransomware hit over 300 critical infrastructure orgs
Ransomware
Severity: 100
Impact: 5
Seen: 2/2025
Rankiteo Explanation: Attack threatening the organization's existence

Description: **Medusa Ransomware Surges, Impacting Over 300 U.S. Critical Infrastructure Organizations** A joint advisory from CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) revealed that the Medusa ransomware operation has compromised over 300 organizations across critical U.S. infrastructure sectors as of February 2025. Targeted industries include medical, education, legal, insurance, technology, and manufacturing. First detected in January 2021, Medusa initially operated as a closed ransomware variant before transitioning into a Ransomware-as-a-Service (RaaS) model in 2023. The group now recruits affiliates—including initial access brokers (IABs)—offering payments ranging from $100 to $1 million for exclusive partnerships. Medusa’s developers maintain control over core operations, including ransom negotiations. To pressure victims, the group launched the *Medusa Blog* leak site in 2023, using stolen data as leverage. High-profile attacks include breaches of Minneapolis Public Schools (March 2023) and Toyota Financial Services (November 2023), where the gang leaked files after an $8 million ransom demand was refused. Recent data from Symantec’s Threat Hunter Team indicates a 42% increase in Medusa attacks between 2023 and 2024, with nearly double the activity in early 2025 compared to the same period last year. The advisory also clarifies that Medusa is distinct from other similarly named threats, such as MedusaLocker and the Medusa botnet. Defensive recommendations from the agencies include patching vulnerabilities, network segmentation, and blocking untrusted remote access to mitigate risks. The alert follows a separate CISA-FBI warning last month about Ghost ransomware targeting victims across 70 countries.

Minneapolis Public Schools
Ransomware
Severity: 100
Impact: 5
Seen: 2/2023
Rankiteo Explanation: Attack threatening the organization's existence

Description: In February 2023, Minneapolis Public Schools fell victim to a **ransomware attack** by the **Medusa gang**, which encrypted district files and exfiltrated highly sensitive data—including student records on **sexual misconduct, child abuse inquiries, mental health crises, and suspension reports**, as well as educator financial data. The attackers initially demanded **$4.5 million in bitcoin**, later reducing it to **$1 million** before leaking the data publicly when the district refused to pay. The breach exposed **105,617 individuals**, with victims experiencing **financial fraud** (e.g., $26,000 stolen from an educator’s account) and **direct threats** from the hackers via social media. The district delayed notifying affected parties for **seven months**, citing investigative integrity, while hiring high-cost cybersecurity lawyers ($370/hour) and forensic firms to manage the crisis. The attack disrupted operations, compromised trust, and revealed systemic failures in transparency, with officials initially downplaying the incident as an 'encryption event' despite FBI reports confirming data theft.


Underwriter Stats for MPS

Incidents vs Education Administration Programs Industry Average (This Year)

Minneapolis Public Schools has 132.56% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Minneapolis Public Schools has 156.41% more incidents than the average of all companies with at least one recorded incident.

Incident Types MPS vs Education Administration Programs Industry Avg (This Year)

Minneapolis Public Schools reported 2 incidents this year: 0 cyber attacks, 2 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — MPS (X = Date, Y = Severity)

MPS cyber incidents detection timeline including parent company and subsidiaries


MPS Similar Companies

Department of Education - Philippines

The DepEd Vision We are people organization committed to a culture of excellence in public service. Believing that the most important resource of our country is its people, we make the task of educating the Filipino child our singular mission. We assist the Filipino child to discover his/her

Houston ISD

The Houston Independent School District is the largest public school system in Texas and the eighth largest in the United States. Its schools are dedicated to giving every student the best possible education through an intensive core curriculum and specialized, challenging instructional and career p

NIIT Limited

NIIT Ltd. is a leading skills & talent development corporation, set up in 1981 to help the nascent IT industry overcome its human resource challenges. To meet the manpower challenges in BFSI sector, NIIT established Institute for Finance, Banking, and Insurance (IFBI), India's premier banking traini

As leaders in the education staffing space since 2000, ESS specializes in placing qualified staff in daily, long-term, and permanent K-12 school district positions, including substitute teachers, paraprofessionals, and other school support staff. Over the last 24 years, we have innovated education s

The School District of Palm Beach County

The School District of Palm Beach County is the tenth-largest school district in the nation and the fifth-largest in the state of Florida with 180 schools, serving more than 170,000 students. As the largest employer in Palm Beach County, the school district has more than 23,000 employees, including

Beaconhouse Group

The Beaconhouse School System has risen from its modest beginnings in 1975 as Les Anges Montessori Academy to become a major force in the education world. With an ever-expanding base, already established in Malaysia, the Philippines, Pakistan, the UAE, Oman, Belgium and Thailand, Beaconhouse is one

University of Washington Foster School of Business Executive Education

The Executive Education Department at the UW Foster School of Business develops strategic leaders. We offer comprehensive programs such as our nine-month Executive Development Program as well as focused seminars on essential business topics like leadership, finance and accounting, and negotiating.

Clark County School District

The Clark County School District is the 5th largest school district in the nation with over 300,000 students in 357 schools and over 40,000 employees. Our focus is on people – the educators, staff, students and parents who make our community one of the most diverse and dynamic places in the countr

Jefferson County Public Schools

— 30th largest school district in the U.S. — 96,000+ students — 17,400+ full- and part-time employees, including 6,800+ certified teachers Vision All JCPS students graduate prepared, empowered, and inspired to reach their full potential and contribute as thoughtful, responsible citizens of our div


MPS CyberSecurity News

November 04, 2025 08:00 AM
Minnesota election results: School funding referendum requests

ST. PAUL, Minn. (FOX 9) - Dozens of Minnesota school districts are asking taxpayers to approve new funding, including referendum requests...

November 02, 2025 07:00 AM
Minneapolis teachers file intent to strike: students could be out of school by Nov. 11, what it means for

Minneapolis teachers have filed an intent to strike, potentially affecting tens of thousands of students as early as Nov. 11.

September 29, 2025 07:00 AM
A day in the life of a hacker hunter

UnitedHealth Group, Minneapolis Public Schools and the city of St. Paul have all fallen victim to hackers who make a living through theft...

September 03, 2025 07:00 AM
DIGGING DEEPER: State support for private school security in wake of Minneapolis shooting

A 2023 letter to Minnesota Governor Tim Walz is getting renewed attention following the Aug. 27 mass shooting at Annunciation Catholic...

July 30, 2025 07:00 AM
Cyberattacks like the one in St. Paul cost U.S. cities millions of dollars

St. Paul continues to be under a state of emergency after a cyberattack shut down many of the city's online systems.

July 25, 2025 07:00 AM
NASCAR Confirms Medusa Ransomware Breach After $4M Demand

In April 2025, Hackread.com exclusively reported that the Medusa ransomware group had claimed responsibility for breaching the National...

April 13, 2025 07:00 AM
Medusa ransomware gang claims to have hacked NASCAR

The Medusa ransomware-as-a-service (RaaS) claims to have compromised the computer systems of NASCAR, the United States' National Association for Stock Car Auto...

March 27, 2025 07:00 AM
Nationwide cyberattack exposes data of thousands of Minnesota students

Software used to manage student information was hacked in December, affecting millions, including at least 15 public school districts and...

March 12, 2025 07:00 AM
CISA: More than 300 critical infrastructure orgs attacked by Medusa ransomware

The Medusa ransomware gang has attacked over 300 victims in critical infrastructure sectors, according to US cybersecurity agencies.


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

MPS CyberSecurity History Information

Official Website of Minneapolis Public Schools

The official website of Minneapolis Public Schools is https://www.mpschools.org.

Minneapolis Public Schools’s AI-Generated Cybersecurity Score

According to Rankiteo, Minneapolis Public Schools’s AI-generated cybersecurity score is 376, reflecting their Critical security posture.

How many security badges does Minneapolis Public Schools have ?

According to Rankiteo, Minneapolis Public Schools currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Minneapolis Public Schools have SOC 2 Type 1 certification ?

According to Rankiteo, Minneapolis Public Schools is not certified under SOC 2 Type 1.

Does Minneapolis Public Schools have SOC 2 Type 2 certification ?

According to Rankiteo, Minneapolis Public Schools does not hold a SOC 2 Type 2 certification.

Does Minneapolis Public Schools comply with GDPR ?

According to Rankiteo, Minneapolis Public Schools is not listed as GDPR compliant.

Does Minneapolis Public Schools have PCI DSS certification ?

According to Rankiteo, Minneapolis Public Schools does not currently maintain PCI DSS compliance.

Does Minneapolis Public Schools comply with HIPAA ?

According to Rankiteo, Minneapolis Public Schools is not compliant with HIPAA regulations.

Does Minneapolis Public Schools have ISO 27001 certification ?

According to Rankiteo, Minneapolis Public Schools is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Minneapolis Public Schools

Minneapolis Public Schools operates primarily in the Education Administration Programs industry.

Number of Employees at Minneapolis Public Schools

Minneapolis Public Schools employs approximately 6,301 people worldwide.

Subsidiaries Owned by Minneapolis Public Schools

Minneapolis Public Schools presently has no subsidiaries across any sectors.

Minneapolis Public Schools’s LinkedIn Followers

Minneapolis Public Schools’s official LinkedIn profile has approximately 17,099 followers.

NAICS Classification of Minneapolis Public Schools

Minneapolis Public Schools is classified under the NAICS code 92311, which corresponds to Administration of Education Programs.

Minneapolis Public Schools’s Presence on Crunchbase

No, Minneapolis Public Schools does not have a profile on Crunchbase.

Minneapolis Public Schools’s Presence on LinkedIn

Yes, Minneapolis Public Schools maintains an official LinkedIn profile, which is actively used for branding and talent engagement and can be accessed here: https://www.linkedin.com/company/minneapolis-public-schools.

Cybersecurity Incidents Involving Minneapolis Public Schools

As of December 23, 2025, Rankiteo reports that Minneapolis Public Schools has experienced 3 cybersecurity incidents.

Number of Peer and Competitor Companies

Minneapolis Public Schools has an estimated 14,486 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Minneapolis Public Schools ?

Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.

How does Minneapolis Public Schools detect and respond to cybersecurity incidents ?

Detection and Response: The company detects and responds to cybersecurity incidents through third-party assistance from Mullen Coughlin (legal), Tracepoint (forensics), and its cyber insurance provider; a communication strategy of minimal disclosure, delayed victim notification, and privileged investigation; containment measures of network segmentation and traffic filtering; and remediation measures of patching known vulnerabilities.

Incident Details

Can you provide details on each incident ?

Incident : Ransomware

Title: Medusa Ransomware Attack on Minneapolis Public Schools

Description: The Medusa ransomware gang targeted Minneapolis Public Schools, compromising sensitive student data and affecting over 100,000 individuals. This security breach resulted in the exposure of a substantial amount of personal information, leading to heightened concern amongst students, parents, and staff. The incident highlights the vulnerability of educational institutions to cyber attacks and the potential for significant disruption and long-term reputational damage.

Type: Ransomware

Threat Actor: Medusa ransomware gang

Incident : ransomware

Title: Ransomware Attack on Minneapolis Public Schools by Medusa Gang

Description: A ransomware attack by the Medusa gang disrupted Minneapolis Public Schools' computer network on February 17, 2023, encrypting files and exfiltrating sensitive student and educator data. The attack involved a 'double-extortion' scheme, where the gang threatened to publish stolen data unless a ransom was paid. Initially, the district downplayed the severity, claiming no personal information was compromised, but later admitted to a massive breach affecting over 105,000 individuals. Sensitive records, including sexual misconduct cases, child abuse inquiries, and mental health crises, were leaked online after the district refused to pay the ransom (reduced from $4.5M to $1M). Notification to victims was delayed by seven months, and the district relied heavily on cyber insurance, legal counsel, and third-party forensics firms to manage the incident.

Date Detected: 2023-02-17

Date Publicly Disclosed: 2023-02-24

Type: ransomware

Threat Actor: Medusa ransomware gang

Motivation: financial gain, data extortion

Incident : Ransomware

Title: Medusa Ransomware Impact on Critical Infrastructure Sectors

Description: CISA revealed that the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States as of February 2025. The joint advisory was issued in coordination with the FBI and MS-ISAC, warning about the ransomware's impact across various industries including medical, education, legal, insurance, technology, and manufacturing.

Date Publicly Disclosed: 2025-02-01

Type: Ransomware

Attack Vector: Initial Access Brokers (IABs), Exploiting Known Vulnerabilities

Vulnerability Exploited: Unpatched software, firmware, and operating systems

Threat Actor: Medusa Ransomware Group

Motivation: Financial Gain

What are the most common types of attacks the company has faced ?

Common Attack Types: The most common type of attack the company has faced is Ransomware.

How does the company identify the attack vectors used in incidents ?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Cybercriminal forums and marketplaces.

Impact of the Incidents

What was the impact of each incident ?

Incident : Ransomware MIN305031225

Data Compromised: Sensitive student data

Brand Reputation Impact: Significant disruption and long-term reputational damage

Incident : ransomware MIN5650156102725

Systems Affected: computer network, student/educator files

Downtime: True

Customer Complaints: True

Legal Liabilities: potential fines, regulatory proceedings

Identity Theft Risk: True

Payment Information Risk: True

Incident : Ransomware MIN1765304983

Systems Affected: Critical infrastructure systems across multiple sectors

Operational Impact: Disruption of services in affected organizations

Identity Theft Risk: True

What types of data are most commonly compromised in incidents ?

Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personal Information, Student Records (Sexual Misconduct, Child Abuse Inquiries, Mental Health Crises, Suspensions), Educator Records, Personal/Financial Data (e.g., Bank Account Access), Personally Identifiable Information, and Sensitive Corporate Data.

Which entities were affected by each incident ?

Incident : Ransomware MIN305031225

Entity Name: Minneapolis Public Schools

Entity Type: Educational Institution

Industry: Education

Location: Minneapolis

Customers Affected: 100,000 individuals

Incident : ransomware MIN5650156102725

Entity Name: Minneapolis Public Schools

Entity Type: K-12 School District

Industry: Education

Location: Minneapolis, Minnesota, USA

Customers Affected: 105,617

Incident : Ransomware MIN1765304983

Entity Name: Minneapolis Public Schools (MPS)

Entity Type: Educational Institution

Industry: Education

Location: United States

Incident : Ransomware MIN1765304983

Entity Name: Toyota Financial Services

Entity Type: Financial Services

Industry: Automotive/Finance

Location: Global

Customers Affected: True

Incident : Ransomware MIN1765304983

Industry: Medical, Education, Legal, Insurance, Technology, Manufacturing

Location: United States

Response to the Incidents

What measures were taken in response to each incident ?

Incident : ransomware MIN5650156102725

Incident Response Plan Activated: True

Third Party Assistance: Mullen Coughlin (Legal), Tracepoint (Forensics), Cyber Insurance Provider.

Communication Strategy: minimal disclosure, delayed victim notification, privileged investigation

Incident : Ransomware MIN1765304983

Containment Measures: Network segmentation, traffic filtering

Remediation Measures: Patching known vulnerabilities

Network Segmentation: True

How does the company involve third-party assistance in incident response ?

Third-Party Assistance: The company involves third-party assistance in incident response through Mullen Coughlin (legal), Tracepoint (forensics), and a cyber insurance provider.

Data Breach Information

What type of data was compromised in each breach ?

Incident : Ransomware MIN305031225

Type of Data Compromised: Personal information

Number of Records Exposed: 100,000

Incident : ransomware MIN5650156102725

Type of Data Compromised: Student records (sexual misconduct, child abuse inquiries, mental health crises, suspensions), Educator records, Personal/financial data (e.g., bank account access)

Number of Records Exposed: 105,617

Sensitivity of Data: high (confidential student/educator records, PII, financial data)

Data Encryption: True

File Types Exposed: documents, reports, personal records

Incident : Ransomware MIN1765304983

Type of Data Compromised: Personally identifiable information, Sensitive corporate data

Sensitivity of Data: High

Data Encryption: True

What measures does the company take to prevent data exfiltration ?

Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Patching known vulnerabilities.

How does the company handle incidents involving personally identifiable information (PII) ?

Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through network segmentation and traffic filtering.

Ransomware Information

Was ransomware involved in any of the incidents ?

Incident : Ransomware MIN305031225

Ransomware Strain: Medusa

Incident : ransomware MIN5650156102725

Ransom Demanded: $4.5 million (initial) / $1 million (final)

Ransomware Strain: Medusa

Data Encryption: True

Data Exfiltration: True

Incident : Ransomware MIN1765304983

Ransom Demanded: $8 million (Toyota Financial Services case)

Ransomware Strain: Medusa

Data Encryption: True

Data Exfiltration: True

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident ?

Incident : ransomware MIN5650156102725

Regulatory Notifications: Maine Attorney General (breach notice), FBI

Incident : Ransomware MIN1765304983

Lessons Learned and Recommendations

What lessons were learned from each incident ?

Incident : ransomware MIN5650156102725

Lessons Learned: Transparency delays erode trust; timely notification is critical. Over-reliance on legal/insurance advice may hinder public communication. Double-extortion ransomware requires proactive data protection and incident response planning. Sensitive educational data (e.g., mental health, abuse records) requires heightened safeguards.

Incident : Ransomware MIN1765304983

Lessons Learned: Importance of patching known vulnerabilities, network segmentation, and filtering network traffic to prevent lateral movement and ransomware attacks.

What recommendations were made to prevent future incidents ?

Incident : ransomware MIN5650156102725

Recommendations: Implement stricter data access controls and encryption for sensitive records. Develop clear, victim-centric communication protocols for breaches. Review cyber insurance policies for transparency vs. legal privilege trade-offs. Conduct regular third-party audits of incident response plans. Train staff on recognizing phishing/initial access vectors to prevent future attacks.

Incident : Ransomware MIN1765304983

Recommendations: Mitigate known security vulnerabilities by patching operating systems, software, and firmware in a timely manner. Segment networks to limit lateral movement between infected and other devices. Filter network traffic by blocking access from unknown or untrusted origins to remote services on internal systems.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: Transparency delays erode trust; timely notification is critical. Over-reliance on legal/insurance advice may hinder public communication. Double-extortion ransomware requires proactive data protection and incident response planning. Sensitive educational data (e.g., mental health, abuse records) requires heightened safeguards. Importance of patching known vulnerabilities, network segmentation, and filtering network traffic to prevent lateral movement and ransomware attacks.

References

Where can I find more information about each incident ?

Incident : ransomware MIN5650156102725

Source: The 74 - 'Kept in the Dark' Investigation

Incident : ransomware MIN5650156102725

Source: FBI Report (via The 74 public records request)

Incident : ransomware MIN5650156102725

Source: Maine Attorney General Breach Notice (September 2023)

Incident : ransomware MIN5650156102725

Source: Medusa Ransomware Leak Site

Incident : Ransomware MIN1765304983

Source: CISA Joint Advisory with FBI and MS-ISAC

Date Accessed: 2025-02-01

Incident : Ransomware MIN1765304983

Source: Symantec Threat Hunter Team

Date Accessed: 2025-02-01

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at: The 74 - 'Kept in the Dark' Investigation; FBI Report (via The 74 public records request); Maine Attorney General Breach Notice (September 2023); Medusa Ransomware Leak Site; CISA Joint Advisory with FBI and MS-ISAC (Date Accessed: 2025-02-01); and Symantec Threat Hunter Team (Date Accessed: 2025-02-01).

Investigation Status

What is the current status of the investigation for each incident ?

Incident : ransomware MIN5650156102725

Investigation Status: Completed (forensic analysis by Tracepoint; legal review by Mullen Coughlin)

Incident : Ransomware MIN1765304983

Investigation Status: Ongoing

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Minimal Disclosure, Delayed Victim Notification and Privileged Investigation.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : ransomware MIN5650156102725

Stakeholder Advisories: FBI (February 21, 2023), District email to families (February 24, 2023 - vague 'encryption event'), Victim notification letters (September 2023).

Customer Advisories: Delayed by 7 months; 105,617 individuals notified via letter in September 2023.

Incident : Ransomware MIN1765304983

Stakeholder Advisories: CISA, FBI, and MS-ISAC encourage organizations to implement recommended mitigations to reduce the likelihood and impact of Medusa ransomware incidents.

Customer Advisories: Toyota Financial Services notified customers of a data breach following the ransomware attack.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: FBI (February 21, 2023), District email to families (February 24, 2023 - vague 'encryption event'), Victim notification letters (September 2023). Delayed by 7 months; 105,617 individuals notified via letter in September 2023. CISA, FBI, and MS-ISAC encourage organizations to implement recommended mitigations to reduce the likelihood and impact of Medusa ransomware incidents. Toyota Financial Services notified customers of a data breach following the ransomware attack.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : ransomware MIN5650156102725

High Value Targets: Student Mental Health Records, Abuse Inquiries, Financial Data

Data Sold on Dark Web: Student Mental Health Records, Abuse Inquiries, Financial Data

Incident : Ransomware MIN1765304983

Entry Point: Cybercriminal forums and marketplaces

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : ransomware MIN5650156102725

Root Causes: Inadequate network segmentation or access controls for sensitive data. Delayed or opaque communication strategies prioritizing legal/insurance interests over transparency. Lack of real-time monitoring to detect exfiltration early. Potential vulnerabilities in third-party vendor or insider access.

Corrective Actions: Hired third-party forensics (Tracepoint) and legal (Mullen Coughlin) for investigation. Reviewed incident response plan (per insurance policy requirements). State-mandated cyberattack reporting (effective Dec. 1, 2024, though anonymized).

Incident : Ransomware MIN1765304983

Root Causes: Exploitation of unpatched vulnerabilities, initial access via brokers, lack of network segmentation

Corrective Actions: Patch management, network segmentation, traffic filtering, enhanced monitoring

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Mullen Coughlin (Legal), Tracepoint (Forensics), Cyber Insurance Provider.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Hired third-party forensics (Tracepoint) and legal (Mullen Coughlin) for investigation. Reviewed incident response plan (per insurance policy requirements). State-mandated cyberattack reporting (effective Dec. 1, 2024, though anonymized). Patch management, network segmentation, traffic filtering, enhanced monitoring.

Additional Questions

General Information

What was the amount of the last ransom demanded ?

Last Ransom Demanded: The amount of the last ransom demanded was $4.5 million (initial) / $1 million (final).

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident was the Medusa ransomware gang (Medusa Ransomware Group).

Incident Details

What was the most recent incident detected ?

Most Recent Incident Detected: The most recent incident detected was on 2023-02-17.

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-02-01.

Impact of the Incidents

What was the most significant data compromised in an incident ?

Most Significant Data Compromised: The most significant data compromised in an incident was sensitive student data.

What was the most significant system affected in an incident ?

Most Significant System Affected: The most significant systems affected in an incident were the computer network and student/educator files.

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was Mullen Coughlin (legal), Tracepoint (forensics), cyber insurance provider.

What containment measures were taken in the most recent incident ?

Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident were Network segmentation and traffic filtering.

Data Breach Information

What was the most sensitive data compromised in a breach ?

Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Sensitive student data.

What was the number of records exposed in the most significant breach ?

Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 205.6K.

Ransomware Information

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lessons learned from past incidents were: Sensitive educational data (e.g., mental health, abuse records) requires heightened safeguards. Importance of patching known vulnerabilities, network segmentation, and filtering network traffic to prevent lateral movement and ransomware attacks.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: Conduct regular third-party audits of incident response plans. Develop clear, victim-centric communication protocols for breaches. Train staff on recognizing phishing/initial access vectors to prevent future attacks. Mitigate known security vulnerabilities by patching operating systems, software, and firmware in a timely manner. Filter network traffic by blocking access from unknown or untrusted origins to remote services on internal systems. Implement stricter data access controls and encryption for sensitive records. Review cyber insurance policies for transparency vs. legal privilege trade-offs. Segment networks to limit lateral movement between infected and other devices.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are Symantec Threat Hunter Team, Medusa Ransomware Leak Site, The 74 - 'Kept in the Dark' Investigation, Maine Attorney General Breach Notice (September 2023), FBI Report (via The 74 public records request) and CISA Joint Advisory with FBI and MS-ISAC.

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Completed (forensic analysis by Tracepoint; legal review by Mullen Coughlin).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisories issued were: FBI (February 21, 2023), District email to families (February 24, 2023 - vague 'encryption event'), Victim notification letters (September 2023). CISA, FBI, and MS-ISAC encourage organizations to implement recommended mitigations to reduce the likelihood and impact of Medusa ransomware incidents.

What was the most recent customer advisory issued ?

Most Recent Customer Advisory: The most recent customer advisories issued were: Delayed by 7 months; 105,617 individuals notified via letter in September 2023. Toyota Financial Services notified customers of a data breach following the ransomware attack.

Initial Access Broker

What was the most recent entry point used by an initial access broker ?

Most Recent Entry Point: The most recent entry point used by an initial access broker was cybercriminal forums and marketplaces.

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root causes identified in post-incident analysis were: Inadequate network segmentation or access controls for sensitive data. Delayed or opaque communication strategies prioritizing legal/insurance interests over transparency. Lack of real-time monitoring to detect exfiltration early. Potential vulnerabilities in third-party vendor or insider access. Exploitation of unpatched vulnerabilities, initial access via brokers, lack of network segmentation.

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective actions taken based on post-incident analysis were: Hired third-party forensics (Tracepoint) and legal (Mullen Coughlin) for investigation. Reviewed incident response plan (per insurance policy requirements). State-mandated cyberattack reporting (effective Dec. 1, 2024, though anonymized). Patch management, network segmentation, traffic filtering, enhanced monitoring.

Latest Global CVEs (Not Company-Specific)

Description

A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

Risk Information
cvss2
Base: 7.5
Severity: LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss3
Base: 7.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cvss4
Base: 6.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyDevs TempTool allows Stored XSS. This issue affects TempTool: from n/a through 1.3.1.

Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tormorten WP Microdata allows Stored XSS. This issue affects WP Microdata: from n/a through 1.0.

Risk Information
cvss3
Base: 6.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Description

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HappyDevs TempTool allows Retrieve Embedded Sensitive Data. This issue affects TempTool: from n/a through 1.3.1.

Risk Information
cvss3
Base: 4.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Description

A vulnerability has been found in Tenda FH1201 1.2.0.14(408). Affected is the function sprintf of the file /goform/SetIpBind. Such manipulation of the argument page leads to stack-based buffer overflow. The attack may be performed remotely. The exploit has been disclosed to the public and may be used.

Risk Information
cvss2
Base: 9.0
Severity: LOW
AV:N/AC:L/Au:S/C:C/I:C/A:C
cvss3
Base: 8.8
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss4
Base: 7.4
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=minneapolis-public-schools' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.