At a glance.
- Highly sensitive data allegedly stolen from Minneapolis school district.
- PNP data leak caused by vulnerability, not a breach.
- US moves to dismiss Ken Griffin's IRS data leak lawsuit.
Highly sensitive data allegedly stolen from Minneapolis school district.
The March ransomware attack that shut down a US school district located in the state of Minneapolis made headlines last month after the hackers behind the attack published the stolen data on the web. Now, NBC News reports they were able to download a sampling of the data, and it not only includes basic student and teacher data like names and contact info, but also highly sensitive documents like teacher abuse allegations and students’ psychological reports. The authenticity of the files has not been independently verified, and Minneapolis Public Schools has declined to answer questions about the data. In an exceptionally aggressive move, the hacking group also posted about the documents on popular platforms Twitter and Facebook, and created a 50-minute long video of screenshots of the stolen data. NBC News has chosen not to identify the cybercriminals behind the attack, but Gizmodo says ransomware group Medusa has taken credit for the data dump. Doug Levin, director of nonprofit K12 Security Information Exchange, says the attack is a reminder that schools are seen as a lucrative, easy target for hackers and schools need to be equipped with more resources to protect their data. “The fact of the matter is, school districts really should be treating this more like nuclear waste, where they need to identify it and contain it and make sure that access to it is restricted,” Levin stated. “Organizations that are supposed to be helping to uplift children and prepare them for the future could instead be introducing significant headwinds to their lives just for participating in public school.”
PNP data leak caused by vulnerability, not a breach.
As we discussed last week, cybersecurity researcher Jeremiah Fowler discovered an unprotected database containing over 1.2 million records of personal data apparently linked to law enforcement in the Republic of the Philippines. On Tuesday, INQUIRER.net reports, Department of Information and Communications Technology Secretary Ivan Uy told reporters that the leak was caused by “serious lapses in procedure” at the Philippine National Police (PNP). Uy confirmed that the exposed database contained data uploaded from the PNP’s application or recruitment portal. However, Uy attempted to downplay the incident, emphasizing that it was caused by a vulnerability in the network and that there’s no evidence that any of the data were stolen. “So it’s not a hack; it’s not a breach,” Uy said. “There was no intrusion into any government system.” He added that the employment platform in question had since been taken down, and that the National Privacy Commission has launched an investigation into the violation of the Data Privacy Law.
US moves to dismiss Ken Griffin’s IRS data leak lawsuit.
Lawyers are calling for the dismissal of the lawsuit filed by Ken Griffin, founder of American multinational hedge fund Citadel, against the Internal Revenue Service (IRS), Bloomberg reports. Griffin alleges that by allowing non-profit news outlet ProPublica to publish tax information about some of the wealthiest US taxpayers, himself included, the IRS failed to protect his confidential financial data. However, US lawyers say Griffin’s suit is based on speculation that IRS workers must have leaked the data and that there is no evidence to back up his claims. In a filing Tuesday in Miami federal court, the lawyers wrote, “Griffin speculates that some unknown individual(s) in an organization of nearly 80,000 employees, using unknown methods and exploiting unspecified security weaknesses, wrongfully obtained his return information.” They went on to say that Griffin is overlooking any other possible explanations for how the data ended up in ProPublica's hands. The lawyers added that finding an individual culprit among the IRS’s employees would be like searching for the proverbial “ needle in a haystack,” a task made even more difficult by the possibility that needle might not exist. Propublica has said it does not know if the source came from the IRS, and speculates it could have been a hostile state actor. ProPublica’s piece reported that billionaires like Griffin, Elon Musk, and Jeff Bezos had used evasive strategies to pay little to no taxes, despite being some of the richest people in America.