St. Paul Public Schools notifies students about winter data breach

Names and email addresses may have been accessed, the district says.

September 11, 2023 at 8:54PM
St. Paul Public Schools recently notified students’ families of a data breach. (John Taggart, Bloomberg/The Minnesota Star Tribune)

St. Paul Public Schools informed students this weekend of a data breach in February that included possible access to their names and email addresses.

An investigation found no evidence, however, that passwords, Social Security numbers or payment information "were compromised," Mario McHenry, the district's executive director of technology services, wrote in a letter to student households.

"SPPS has cooperated with law enforcement, a suspect has been reasonably identified and an investigation is ongoing," he wrote.

The incident comes at a time of growing threats to the computer systems of K-12 and higher-education institutions.

Minneapolis Public Schools was the victim of a cyberattack — also in February — for which a ransomware group took credit. The University of Minnesota also is seeking to unravel a potentially massive data breach there.

Recently, Minneapolis schools began contacting people whose personal data may have been accessed. Screenshots posted earlier by the ransomware group included student names and addresses and forms that could contain sensitive employee information.

McHenry wrote that St. Paul Public Schools became aware of "suspicious activity in its network environment" in February and began working immediately with the FBI, Minnesota IT Services and the state Department of Public Safety to investigate.

The district determined that anunauthorized third party had acquired data during the incident, but the full scope of what occurred was not known until July 17, he said. Then, the district set out to compile mailing addresses for those who were affected — a process that McHenry said took until Aug. 15.

Staff members were told about the incident in an e-mail on Aug. 24. The district wrote then that it was "unaware of any fraudulent use" of the data and it laid out plans for students to receive new passwords that were to be used beginning last Friday.

"SPPS sincerely regrets any concern or inconvenience this matter may cause, and remains dedicated to ensuring the privacy and security of all information in our control," McHenry wrote in his letter to students and families.

about the writer

about the writer

Anthony Lonetree

Reporter

Anthony Lonetree has been covering St. Paul Public Schools and general K-12 issues for the Star Tribune since 2012-13. He began work in the paper's St. Paul bureau in 1987 and was the City Hall reporter for five years before moving to various education, public safety and suburban beats.

See More