Minneapolis Public Schools Company CyberSecurity Posture

mpschools.org
ISOSOC2 Type 1SOC2 Type 2PCI DSSHIPAAGDPR

We are MPS. At MPS, we work every day to provide our students an inclusive education, a supportive community and lifelong learning. There’s a place where everyone belongs in MPS, regardless of what you look like, what language you speak, how you pray or who you love. MPS teachers know more than your name—we know how to help you grow and achieve, wherever you are on your academic journey. We create experiences where you feel challenged and free to explore the world. Our students break the mold, and we celebrate that. STRONG SCHOOLS REFLECT STRONG COMMUNITIES Minneapolis Public Schools provide excellent Community Schools and now, centrally located Magnet School options, closer to home. We are central to every neighborhood and community. With more than 70 schools across the city, MPS is woven into the fabric of Minneapolis. INCLUSIVE EDUCATION SUPPORTIVE COMMUNITY LIFELONG LEARNING Terms of use at https://mpls.k12.mn.us/accessibility.

Minneapolis Public Schools A.I CyberSecurity Scoring

MPS

Company Details

Linkedin ID:

minneapolis-public-schools

Website:

https://www.mpschools.org

Employees number:

6,301

Number of followers:

17,099

NAICS:

92311

Industry Type:

Education Administration Programs

Homepage:

mpschools.org

IP Addresses:

Scan still pending

Company ID:

MIN_2556321

Scan Status:

In-progress

AI scoreMPS Risk Score (AI oriented)

Between 0 and 549

https://images.rankiteo.com/companyimages/minneapolis-public-schools.jpeg
MPS Education Administration Programs
Updated:
  • Powered by our proprietary A.I cyber incident model
  • Insurance preferes TPRM score to calculate premium
globalscoreMPS Global Score (TPRM)

XXXX

https://images.rankiteo.com/companyimages/minneapolis-public-schools.jpeg
MPS Education Administration Programs
  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Minneapolis Public Schools

Critical
Current Score
376
C (Critical)
01000
3 incidents
-209.0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

DECEMBER 2025
373
NOVEMBER 2025
369
OCTOBER 2025
359
SEPTEMBER 2025
347
AUGUST 2025
335
JULY 2025
323
JUNE 2025
310
MAY 2025
297
APRIL 2025
284
MARCH 2025
524
Ransomware
01 Mar 2025 • Minneapolis Public Schools
Medusa Ransomware Attack on Minneapolis Public Schools

The Medusa ransomware gang targeted Minneapolis Public Schools, compromising sensitive student data and affecting over 100,000 individuals. This security breach resulted in the exposure of a substantial amount of personal information, leading to heightened concern amongst students, parents, and staff. The incident highlights the vulnerability of educational institutions to cyber attacks and the potential for significant disruption and long-term reputational damage.

257
critical -267
MIN305031225
Incident Details -
Type
Ransomware
Impact
Data Compromised: Sensitive student data Brand Reputation Impact: Significant disruption and long-term reputational damage
Data Breach
Type Of Data Compromised: Personal information Number Of Records Exposed: 100,000
References
Blog URL Source URL
FEBRUARY 2025
669
Ransomware
01 Feb 2025 • Minneapolis Public Schools: CISA: Medusa ransomware hit over 300 critical infrastructure orgs
Medusa Ransomware Impact on Critical Infrastructure Sectors

**Medusa Ransomware Surges, Impacting Over 300 U.S. Critical Infrastructure Organizations** A joint advisory from CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) revealed that the Medusa ransomware operation has compromised over 300 organizations across critical U.S. infrastructure sectors as of February 2025. Targeted industries include medical, education, legal, insurance, technology, and manufacturing. First detected in January 2021, Medusa initially operated as a closed ransomware variant before transitioning into a Ransomware-as-a-Service (RaaS) model in 2023. The group now recruits affiliates—including initial access brokers (IABs)—offering payments ranging from $100 to $1 million for exclusive partnerships. Medusa’s developers maintain control over core operations, including ransom negotiations. To pressure victims, the group launched the *Medusa Blog* leak site in 2023, using stolen data as leverage. High-profile attacks include breaches of Minneapolis Public Schools (March 2023) and Toyota Financial Services (November 2023), where the gang leaked files after an $8 million ransom demand was refused. Recent data from Symantec’s Threat Hunter Team indicates a 42% increase in Medusa attacks between 2023 and 2024, with nearly double the activity in early 2025 compared to the same period last year. The advisory also clarifies that Medusa is distinct from other similarly named threats, such as MedusaLocker and the Medusa botnet. Defensive recommendations from the agencies include patching vulnerabilities, network segmentation, and blocking untrusted remote access to mitigate risks. The alert follows a separate CISA-FBI warning last month about Ghost ransomware targeting victims across 70 countries.

518
critical -151
MIN1765304983
Incident Details -
Type
Ransomware
Attack Vector
Initial Access Brokers (IABs), Exploiting Known Vulnerabilities
Vulnerability Exploited
Unpatched software, firmware, and operating systems
Motivation
Financial Gain
Impact
Systems Affected: Critical infrastructure systems across multiple sectors Operational Impact: Disruption of services in affected organizations
Response
Containment Measures: Network segmentation, traffic filtering Remediation Measures: Patching known vulnerabilities
Data Breach
Personally Identifiable Information Sensitive Corporate Data Sensitivity Of Data: High
Lessons Learned
Importance of patching known vulnerabilities, network segmentation, and filtering network traffic to prevent lateral movement and ransomware attacks.
Recommendations
Mitigate known security vulnerabilities by patching operating systems, software, and firmware in a timely manner. Segment networks to limit lateral movement between infected and other devices. Filter network traffic by blocking access from unknown or untrusted origins to remote services on internal systems.
Investigation Status
Ongoing
Customer Advisories
Toyota Financial Services notified customers of a data breach following the ransomware attack.
Stakeholder Advisories
CISA, FBI, and MS-ISAC encourage organizations to implement recommended mitigations to reduce the likelihood and impact of Medusa ransomware incidents.
Initial Access Broker
Entry Point: Cybercriminal forums and marketplaces
Post Incident Analysis
Root Causes: Exploitation of unpatched vulnerabilities, initial access via brokers, lack of network segmentation Corrective Actions: Patch management, network segmentation, traffic filtering, enhanced monitoring
References
Blog URL Source URL
JANUARY 2025
669
FEBRUARY 2023
774
Ransomware
17 Feb 2023 • Minneapolis Public Schools
Ransomware Attack on Minneapolis Public Schools by Medusa Gang

In February 2023, Minneapolis Public Schools fell victim to a **ransomware attack** by the **Medusa gang**, which encrypted district files and exfiltrated highly sensitive data—including student records on **sexual misconduct, child abuse inquiries, mental health crises, and suspension reports**, as well as educator financial data. The attackers initially demanded **$4.5 million in bitcoin**, later reducing it to **$1 million** before leaking the data publicly when the district refused to pay. The breach exposed **105,617 individuals**, with victims experiencing **financial fraud** (e.g., $26,000 stolen from an educator’s account) and **direct threats** from the hackers via social media. The district delayed notifying affected parties for **seven months**, citing investigative integrity, while hiring high-cost cybersecurity lawyers ($370/hour) and forensic firms to manage the crisis. The attack disrupted operations, compromised trust, and revealed systemic failures in transparency, with officials initially downplaying the incident as an 'encryption event' despite FBI reports confirming data theft.

613
critical -161
MIN5650156102725
Incident Details -
Type
ransomware data breach double extortion
Motivation
financial gain data extortion
Impact
computer network student/educator files potential fines regulatory proceedings
Response
Mullen Coughlin (legal) Tracepoint (forensics) cyber insurance provider minimal disclosure delayed victim notification privileged investigation
Data Breach
student records (sexual misconduct, child abuse inquiries, mental health crises, suspensions) educator records personal/financial data (e.g., bank account access) Number Of Records Exposed: 105,617 Sensitivity Of Data: high (confidential student/educator records, PII, financial data) documents reports personal records
Regulatory Compliance
Maine Attorney General (breach notice) FBI
Lessons Learned
Transparency delays erode trust; timely notification is critical. Over-reliance on legal/insurance advice may hinder public communication. Double-extortion ransomware requires proactive data protection and incident response planning. Sensitive educational data (e.g., mental health, abuse records) requires heightened safeguards.
Recommendations
Implement stricter data access controls and encryption for sensitive records. Develop clear, victim-centric communication protocols for breaches. Review cyber insurance policies for transparency vs. legal privilege trade-offs. Conduct regular third-party audits of incident response plans. Train staff on recognizing phishing/initial access vectors to prevent future attacks.
Investigation Status
Completed (forensic analysis by Tracepoint; legal review by Mullen Coughlin)
Customer Advisories
Delayed by 7 months; 105,617 individuals notified via letter in September 2023.
Stakeholder Advisories
FBI (February 21, 2023) District email to families (February 24, 2023 - vague 'encryption event') Victim notification letters (September 2023)
Initial Access Broker
student mental health records abuse inquiries financial data
Post Incident Analysis
Inadequate network segmentation or access controls for sensitive data. Delayed or opaque communication strategies prioritizing legal/insurance interests over transparency. Lack of real-time monitoring to detect exfiltration early. Potential vulnerabilities in third-party vendor or insider access. Hired third-party forensics (Tracepoint) and legal (Mullen Coughlin) for investigation. Reviewed incident response plan (per insurance policy requirements). State-mandated cyberattack reporting (effective Dec. 1, 2024, though anonymized).
References
Blog URL Source URL

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Minneapolis Public Schools is 376, which corresponds to a Critical rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 369.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 359.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 347.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 335.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 323.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 310.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 297.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 284.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 257.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 518.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2025 was 669.

Over the past 12 months, the average per-incident point impact on Minneapolis Public Schools’s A.I Rankiteo Cyber Score has been -209.0 points.

You can access Minneapolis Public Schools’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/minneapolis-public-schools.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Minneapolis Public Schools’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/minneapolis-public-schools.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.