Four days after an attack by a notorious ransomware gang disrupted the Minneapolis, Minnesota, school district鈥檚 computer network, accessing reams of students鈥� and educators鈥� sensitive information, officials contacted the FBI and laid out what happened. 

The district 鈥渋mmediately initiated an investigation鈥� after its Feb. 17, 2023, discovery that school system files had been encrypted by ransomware, officials told the federal law enforcement agency. A day later, Minneapolis schools hired a third-party forensics investigation firm to negotiate the hacker鈥檚 demand for $4.5 million in bitcoin. 

Yet when school officials notified students and parents, they vaguely described what happened as an 鈥渆ncryption event鈥� and offered a drastically different story than the one in their Feb. 21 report to the FBI. According to records obtained by 社区黑料 through public records requests, the district told families in a Feb. 24 email that its investigation 鈥渉as found no evidence that personal information was compromised.鈥� 

The statement was sent after cybersecurity experts advised district communications staff that 鈥渟haring the least amount of information鈥� as possible was 鈥渋n the best interest鈥� of district security. 

Threat actors with the ransomware gang Medusa 鈥� known for encrypting and stealing sensitive records from cyberattack victims and then threatening to publish them in what鈥檚 known as a 鈥渄ouble-extortion鈥� scheme 鈥� took credit for the attack. Medusa ultimately published a trove of sensitive school district files online. The leaked documents detail campus sexual misconduct cases, child abuse inquiries, student mental health crises and suspension reports. 

Minneapolis school leaders didn鈥檛 acknowledge for nearly two weeks after the attack that sensitive records may have been compromised 鈥� and waited months to notify breach victims directly by letter. 

The district didn鈥檛 respond to requests for comment.

As Minneapolis recovered from the attack, records show, it turned first to its insurance provider and cybersecurity lawyers, who were paid as much as $370 an hour to negotiate with the hackers, investigate the breach and keep information about the incident outside of public view. 

An insurance company, which held a $1 million liability policy on the district with a $100,000 deductible, was the first point of contact in the event of a cyberattack, according to a school system incident response plan obtained by 社区黑料.  The cyber insurance provider will 鈥渇acilitate breach counsel and forensic investigation teams,鈥� the plan notes, and deploy 鈥渆xperienced negotiators鈥� to communicate directly with the hackers. The policy also states it would cover the district鈥檚 liability for bad press, fines and 鈥渞egulatory proceedings鈥� related to a cyberattack. 

鈥淭he insurer will typically have an approved panel vendor list for breach counsel, computer forensics and incident response teams,鈥� the plan notes.  

Attorneys with the leading cybersecurity and data privacy law firm Mullen Coughlin were hired to carry out a 鈥減rivileged investigation,鈥� according to its report to the FBI, with the firm relaying that information about the attack should not be released publicly. 

鈥淧er [Minneapolis Public Schools鈥橾 request, all questions, communications and requests in connection with this notification should be directed to Mullen Coughlin,鈥� according to the notification to the FBI, which was signed by an associate attorney with the third-party law firm. Mullen Coughlin didn鈥檛 respond to 社区黑料鈥檚 request for comment.

Forensic investigation work was conducted by the cybersecurity incident response company Tracepoint, a subsidiary of the government and military contractor Booz Allen Hamilton, which Bloomberg News has dubbed 鈥渢he world鈥檚 most profitable spy organization.鈥� The researchers prepared 鈥渁 report detailing the forensic analysis process and analysis鈥� at Mullen Coughlin鈥檚 direction, records show. On March 14, 2023, the researchers held a meeting with district administrators where they went 鈥渢hrough the list of what TA [the threat actor] might鈥檝e accessed,鈥� and answered questions. 

The data leak had a direct, detrimental impact on breach victims, records show. In an email to the district in March, one educator reported that someone withdrew more than $26,000 from their bank account. Another person got a direct Twitter message from the 鈥淢edusa contact team,鈥� urging the person to respond to the threat actors immediately or else 鈥渨e will ensure your popularity.鈥� 

In March, Medusa ransomware actors posted the district鈥檚 stolen files online after the school system did not pay what the cybercriminals said on a leak site was a $1 million ransom 鈥� a markedly lower figure than the $4.5 million the district reported to the FBI. The breached files, according to an analysis by 社区黑料, include confidential and highly sensitive records about individual students and teachers. 

It wasn鈥檛 until September 2023 鈥� seven months after the attack 鈥� that 105,617 people were notified the 鈥渉acking鈥� incident exposed their sensitive information, according to a data breach notice sent to the Maine attorney general鈥檚 office. The notice states that the process to identify that information had been completed in July 鈥� a month and a half before officials notified victims.

鈥淎lthough it has been difficult to not share more information with you sooner,鈥� the letter to victims notes, 鈥渢he accuracy and the integrity of the review were essential.鈥�

As of Dec. 1, 2024, all schools in Minnesota are now to the state but that information will be anonymous and not shared with the public.

This story was supported by a grant from the Fund for Investigative Journalism.

Minneapolis Public Schools will use the last of its reserves and then some during next school year if it does not make substantial budget cuts or receive additional state or federal revenue. This is according to the district鈥檚 , a five year financial projection that the district prepares each year, which was presented to the school board鈥檚 finance committee on Tuesday evening.

The district is projecting an $84 million budget deficit in the 2025-26 school year, followed by deficits reaching $100 million in the next four years.

At the end of next school year, the pro forma predicts a general fund balance of -$14.9 million, which is -2.1% of the district鈥檚 operating expenses. This is just above the -2.5% that would signify 鈥� and lead to mandated state intervention. If voters approve a $20 million increase in the operating capital levy in November, the -2.5% trigger would still be reached in the 2026-27 school year without additional changes.

Get stories like this delivered straight to your inbox. Sign up for 社区黑料 Newsletter

The dire outlook comes despite the district making more optimistic assumptions about its revenues and costs compared to previous years. The district assumes enrollment will decrease by one percentage point less each year than it forecasted in last year鈥檚 pro forma because of a one-time increase in kindergarten enrollment this year. John Clinton, Minneapolis Public Schools鈥� executive director of finance, told board members he did not know what the district鈥檚 current enrollment is, nor the size of the current kindergarten class, when asked.

The district has had a growing number of new to country students enrolling in the district the past two school years. The district does not track immigration status of students, but last year,聽聽it had about 3,700 newcomer students enrolled in the district, most whose home language is Spanish.

The district鈥檚 funding is primarily based on enrollment, so higher enrollment projections mean higher revenue for the district.

Newcomer students whose home language is not English receive substantial support from the district to learn English. The state requires the district to provide these services but 聽to the district. This year, the district expects to聽 on support for English Learners than it receives in state aid for the services.

In the pro forma, the district assumes that overall its costs will increase at 2% per year, slower than the 4% rate it assumed in last year鈥檚 pro forma. The district also assumes that as enrollment declines, the number of licensed teachers it employs will decline, according to Clinton.

The district assumes that it will have an annual 2.5% increase in labor costs, the same assumption it made in its previous pro forma. The most recent contracts with teachers and education support professionals, the district鈥檚 two largest employee groups, included annualized cost increases of approximately 12% over the two years of the contracts, a much bigger cost than the projected 2.5%.

The district anticipates ending the current school year with $69 million in its general fund balance. This assumes that it ended last fiscal year with $154 million in its general fund balance, an amount nearly $13 million more than what the district had expected. In monthly financial statements presented to the school board in September, the district showed its general fund balance at the end of last year was about $90 million. Clinton told the board that the fluctuating estimate of the general fund balance is because of how the district is funded.

The school board reaffirmed its policy governing the district鈥檚 reserves last spring. This policy requires the district to maintain 8% of its operating expenses in its reserves. Based on its current expenses, this policy means the district must hold about $57 million in its unassigned general fund balance.

To meet its projected fund balance for the end of this fiscal year will require the district to limit its use of reserves to $55 million this year, and have a 4.75% vacancy rate to realize nearly $24 million in vacancy savings. Vacancy savings are funds the district budgets for, but believes it will not spend because it is unable to hire staff to fill the positions. At the school level, the majority of the聽聽are for staff who serve special education students and students who attend Northside schools. The district鈥檚聽聽is 4%.

How the district and school board will balance the budget next school year remains unknown. The pro forma is a financial projection but does not include budget recommendations. The projection sets a baseline for the district administration and board as they develop the budget for the upcoming school year.

This story was originally published on .

Shortly after a dozen gunshots erupted from a stolen red SUV on the northside of Minneapolis this month, emergency dispatchers were notified of the drive-by shooting that shattered a window at the school district鈥檚 administrative headquarters. 

District officials promptly reported the shooting to the cops, who briefly halted their chase when they encountered a school bus dropping off students. A second police report, this one from a California-based surveillance company, had also alerted authorities to the ear-piercing pops. 

The incident resulted in the arrest of three teenagers, who were ultimately chased down by cops on foot and a state police helicopter in the air. Shootings and car thefts have surged in Minneapolis over the last several years and, in , Minneapolis Police Chief Brian O鈥橦ara said that out-of-control youth had become 鈥渁 danger to themselves and to anyone who happens to be around them.鈥� 

Yet in some ways, the teenage arrests were an anomaly: The controversial ShotSpotter surveillance sensors that notified police to the blasts, have found, rarely direct police to the scenes of firearm crimes. Concerns about ShotSpotter false alarms and their disproportionate effects on Black residents didn鈥檛 stop the city鈥檚 school district from secretly partnering with the company, an investigation by 社区黑料 has revealed. 

For nearly a decade, Minneapolis Public Schools has made northside campus buildings available to bolster a massive surveillance network that peppers neighborhoods with microphones designed to detect, analyze and geolocate gunfire. 

Since at least 2014, the school district has agreed to host nondescript ShotSpotter sensors on the rooftops of campus buildings, according to contracts that were leaked as part of a massive cyber attack on Minneapolis Public Schools earlier this year. Six agreements, signed in 2014 and 2019, authorize the sensors to be mounted atop school buildings 鈥渋n an 鈥榦ut of sight鈥� fashion. The city maintains the primary contract to station ShotSpotter sensors throughout Minneapolis; the school district simply agreed to host the devices on their property. Last year, the city鈥檚 latest contract for the sensors totaled $168,000, according to GovSpend, a database that tracks government procurement. 

Subjected to a relentless stream of mass school shootings, school districts nationwide spend billions of dollars each year on campus security, including on gun-detection hardware. Yet ShotSpotter鈥檚 footprint in education remains largely unknown. The locations of the gun-detection sensors in Minneapolis and urban communities nationwide have for years been intentionally hidden.

In the leaked contracts, Minneapolis school officials agreed to withhold from the public information about its participation in the surveillance program. Details about the sensor locations, officials agreed, 鈥渃annot be disclosed under any circumstances.鈥�

In Minneapolis, campus ShotSpotter locations were uncovered during 社区黑料鈥檚 investigation into the fallout from the February cyber attack. Highly sensitive information about students and educators, as well as confidential campus security information, were published online in March after the district failed to pay the Medusa cyber gang鈥檚 $1 million ransom demand. 

ShotSpotter鈥檚 efforts to thwart bloodshed from gun violence is commendable, said Teresa Nelson, the legal director of the American Civil Liberties Union of Minnesota. But, she said, privacy and racial disparities in ShotSpotter locations, as well as reports calling into question the sensors鈥� effectiveness, outweigh their potential benefits. And efforts to withhold the school district鈥檚 ShotSpotter agreement from the public, stifle resident鈥檚 ability to engage in conversations about how to keep their communities safe, Nelson said.

Ultimately, 鈥渋t adds a layer to the idea of policing in our schools鈥� that could be problematic, she said. ShotSpotter coverage of schools, she worried, could send police who are 鈥渞eady for an extremely dangerous confrontation鈥� to campuses 鈥渇or no reason鈥� due to false alarms from fireworks, backfiring cars and other loud noises. 

鈥淭hat changes the tenor of policing in that area,鈥� she said. 鈥淧olice have tremendous power and so the community is entitled to know how they鈥檙e using that power and how they鈥檙e using new technologies that allow them to effectively conduct general mass surveillance.鈥�

The Minneapolis school district didn鈥檛 respond to multiple requests for comment. The district has been criticized for not sharing more information with the public about the nature and extent of the breach 鈥� on its website is from April 11. It declined interview requests from 社区黑料 for a May 15 investigation about the breach of closely guarded campus security information and didn鈥檛 respond to questions for a May 5 article on the leak of highly sensitive information about students and staff.

In an email, Minneapolis Police Department spokesperson Garrett Parten declined to disclose the number of ShotSpotter sensors deployed across Minneapolis, adding that the company selects installation locations. The technology, he said, 鈥渉as been an excellent tool in aiding the quick location of shooting victims鈥� so they can receive medical attention 鈥渨hen seconds count.鈥�

鈥淚n general, ShotSpotter pinpoints the location of gunfire,鈥� Parten said. 鈥淭his allows officers to respond directly to a location rather than doing a grid search looking for evidence. As such, officers are able to quickly locate and secure evidence that might otherwise be removed, compromised, or missed altogether.鈥�

Thomas Chittum, the senior vice president of analytics and forensic services at ShotSpotter owner SoundThinking, said the data breach in Minneapolis is a rare occurrence but the publicly traded company is taking the incident seriously. Though the sensors are regularly placed on municipal buildings like police departments and schools, he declined to specify how many are stationed on campuses in Minneapolis or nationwide. Sensor locations are confidential, he said, to prevent vandalism, retaliation against businesses and agencies that agree to host the devices, and efforts by gunmen to get around the system. 

鈥淣ow that these things are known publicly, we have to assess whether or not we think it poses a risk to the efficacy of the system,鈥� said Chittum, who retired last year as acting deputy director of the federal Bureau of Alcohol, Tobacco and Firearms. 鈥淭he sensors are not hard to relocate but we鈥檒l have to assess whether or not that鈥檚 feasible and necessary.鈥�

Few arrests, little evidence of gun-related crimes 

Researchers and civil rights groups have warned for years that the technology, which is disproportionately deployed in communities of color, could do more harm than good by routinely sending militarized police into high alert over false alarms. SoundThinking maintains that its ShotSpotter sensors are 97% accurate.

The on ShotSpotter鈥檚 efficacy, published in 2021 in the peer-reviewed Journal of Urban Health, reported dismal findings. The analysis of ShotSpotter in 68 metropolitan counties from 1999 to 2016 found the sensors had no significant impact on firearm-related homicide rates or arrest outcomes. 

ShotSpotter deployments have been especially contentious in Chicago, where the sensors are disproportionately installed in neighborhoods with large percentages of Black residents. In , ShotSpotter alerts send Chicago police to locations where they failed to find evidence of gun crimes, according to research by the MacArthur Justice Center at Northwestern University鈥檚 law school. Between April 2021 and April 2022, , 90% of ShotSpotter dispatches failed to find evidence of guns. In a 2022 lawsuit, the group that enables discriminatory policing without a clear public safety benefit. 

from the city鈥檚 Office of Inspector General, published in 2021, reached similar results, concluding that the alerts rarely produced evidence of gun-related crimes, investigatory stops or recovered firearms. Yet the sensors led police to make more aggressive stops in certain neighborhoods, the office found, offering fodder for advocates who argue the devices  lead to the over-policing of Black residents. 

In a, researchers called the MacArthur analysis 鈥渕isleading鈥� and concluded that, 鈥渂ased on client reports,鈥� ShotSpotter sensors were 97% effective in detecting gunfire. 

Chittum said the sensor locations are selected based on historical crime data and rejected advocates鈥� concerns over racial disparities. 

鈥淭he people that balk at the idea that you would deploy public safety infrastructure in the place where it could do the greatest good boggles my mind,鈥� he said. 鈥淥f course you鈥檙e going to deploy it in the place where it鈥檚 most likely to help the people that have had the greatest impact from gun violence. I just don鈥檛 understand why you wouldn鈥檛 want law enforcement to know about shootings that occur in those neighborhoods.鈥�

While the City of Chicago has long been a key ShotSpotter customer and former Democratic mayor Lori Lightfoot called the tool 鈥渁 lifesaver,鈥� . New progressive Mayor Brandon Johnson campaigned on a promise to end the city鈥檚 $33 million ShotSpotter contract, vowing to instead 鈥渋nvest in new resources that go after illegal guns without physically stopping and frisking Chicagoans on the street.鈥� After Johnson鈥檚 election, the more than 25%.

After weighing the costs against their benefits, officials in several cities 鈥� including , and 鈥� have ended their ShotSpotter subscriptions. In San Antonio, officials spent more than $500,000 for the sensors, an expenditure that led to four arrests and seven weapons seizures . 

Similarly in Minneapolis, ShotSpotter alerts have rarely led to arrests or evidence of gun-related crimes, . An analysis found that Minneapolis police responded to about 8,500 ShotSpotter activations from January 2020 to September 2021. About 80% of the time, police didn鈥檛 locate evidence of a gun-related crime and only 32 activations 鈥� less than 1% of the total 鈥� led to an arrest.

On one occasion, in 2012, the city on New Year’s Eve because the system became overwhelmed by alerts from the blasts of fireworks. 

鈥楽till losing our young people鈥�

The six Minneapolis campus ShotSpotter locations disclosed in the breach are clustered in the city鈥檚 northside. Districtwide, about a third of Minneapolis students are Black. At the campuses where ShotSpotter sensors were disclosed, nearly two-thirds of students are Black. 

The roughly 33,000-student district operates just shy of 100 schools. It鈥檚 unclear whether the devices were placed at a limited number of district locations or whether information about other campuses that serve as ShotSpotter hosts were spared in the data leak. Though police said ShotSpotter alerted them to the recent drive-by shooting 鈥� along with calls from educators 鈥� the leaked contracts don鈥檛 outline a sensor location at the district鈥檚 administrative offices. 

While the specific locations of ShotSpotter sensors citywide haven鈥檛 been publicly disclosed, residents are well aware of their presence in certain neighborhoods, said Marika Pfefferkorn, a Twin Cities-based student privacy advocate and executive director of the Midwest Center for School Transformation. Yet the devices, she said, haven鈥檛 done enough to keep people safe. 

鈥淚t鈥檚 not preventing the shots (from being) fired,鈥� Pfefferkorn said. 鈥淲e鈥檙e still losing our young people.鈥�

In Minneapolis, homicides have surged by 166% since 2019 and the number of gunshot victims has more than doubled, . More than four-fifths of shooting victims in the city are Black, according to the data, as are 89% of suspects. 

Outside Minneapolis, three school districts 鈥� one in Texas and two in Massachusetts 鈥� have purchased ShotSpotter services, according to GovSpend.

In 2021, the Newark, New Jersey, school district agreed to install the sensors on 30 school buildings in predominantly Black neighborhoods, . Information about the agreement was removed from the school system鈥檚 website after the school board received an email inquiry from the education news outlet. 

In a 2022 email also exposed in the Minneapolis data breach, a ShotSpotter employee declined to disclose to a school district facilities official the on-campus locations of its censors, arguing that could allow the information to 鈥渇all into the wrong hands.鈥� 

鈥淚f the location of all sensors became known to the public,鈥� the employee wrote, 鈥渃riminals would have the capability to disable the gunshot location and detection functionality of the system, or otherwise seriously compromise the law enforcement utility of the system.鈥�

As communities nationwide debate efforts to bolster security in school buildings, parents are demanding a seat at the table, said Kenneth Trump, president of the Cleveland-based National School Safety and Security Services. 

鈥淧arents expect authentic, transparent communication from school officials,鈥� he said. When schools and cities equip communities with emerging security technology, officials 鈥渉ad better be transparent about expectations and limitations, and I鈥檓 not sure that鈥檚 occurring.鈥� 

Ultimately, it鈥檚 up to the City of Minneapolis to assess whether the sensors work as intended, said Nelson of the ACLU鈥檚 Minnesota chapter. 

鈥淲ithout strict limitations and auditing, we can never really be certain that it鈥檚 not being abused,鈥� she said. 鈥淭here needs to be more transparency and more assurances that it鈥檚 not going to be abused.鈥�

It took two years of middle school girls accusing their Minneapolis English teacher of eyeballing their bodies in a 鈥渨eird creepy way,鈥� for district investigators to substantiate their complaints.

Their drawn-out response is revealed in confidential and highly sensitive Minneapolis Public Schools investigative records that are now readily available online 鈥� just one folder in a trove of tens of thousands of leaked files that outline campus rape cases, child abuse inquiries, student mental health crises and suspension reports. 

The files, purportedly stolen from the Minneapolis school district, first appeared online in March, just days after a ransomware gang named Medusa announced the school system failed to pay $1 million to keep its information from getting posted to the web. 

In a leaked 2018 email, a district official seems to make light of the frequency of civil rights complaints after several girls accused their high school Arabic teacher of inappropriate touching. 

鈥淲hen it rains, it pours, I guess!鈥� the district official wrote. In other documents, an educator was accused of buying a colleague a lap dance during an afterwork outing to a strip club and, in a separate incident, a district technology specialist was accused of hacking into a girl鈥檚 social media to stalk her on a date. The veracity of the files hasn鈥檛 been confirmed by Minneapolis schools but by all appearances, they expose a shocking degree of information about current students and staff. 

The information is so searingly personal that attorney and student privacy consultant Amelia Vance said she would have a hard time strategizing a mitigation response. 

鈥淚鈥檓 an expert in this and I have no idea,鈥� Vance, president of the Public Interest Privacy Center, told 社区黑料. 

The records were uncovered in an analysis by 社区黑料 of a cache of files reportedly stolen from Minneapolis schools and uploaded to the internet after the district fell victim to what it euphemistically described as an 鈥渆ncryption event.鈥� The Medusa gang, a that adopts a clumsy, perhaps youthful online persona, ultimately took credit for the February breach that led to . 

The vast records 鈥� more than 189,000 individual files totaling 143 gigabytes 鈥� also offer a remarkable level of raw insight into the district鈥檚 civil rights investigation process for sexual assault and racial discrimination complaints and detailed information on campus security and other district operations that many school systems seek to keep under wraps. In total, they highlight the attack鈥檚 severity and the extent to which students鈥� and employees鈥� sensitive information is vulnerable to abuse. 

Minnesota-based student privacy advocate Marika Pfefferkorn said she鈥檚 already heard from multiple concerned parents whose children had their sensitive information caught up in the breach, but that district officials have failed to communicate with them about their concerns. 

鈥淥ne of the reasons we have had so many parents reach out to us is because the information (the district) has posted on their website is just like nothing,鈥� Pfefferkorn said. 鈥淚t鈥檚 like it was an afterthought.鈥� 

She鈥檚 also struggled to give meaningful advice to anxious parents who need help. 

鈥淭he conversation that we鈥檙e having is like, 鈥榊our information is going to be out there forever, and the impression of you is also going to be out there forever,鈥欌�� she said. 鈥淚 don鈥檛 know the advice that I need to be giving them other than, 鈥榊ou need to be aware of what鈥檚 happening and communicate with the district what your expectations are.鈥� 

鈥楢 rock over their head鈥�

While the oldest breached records span back to at least 2018, the most recent files, including several related to confidential civil rights cases, are from earlier this year. Some of the files 鈥� which were previewed in a 50-minute video 鈥� can be read with little more than a Google search. 

The way the files were uploaded is 鈥減art of what makes this incident so heartbreaking and extraordinary,鈥� Vance said. 

Breaking from standard procedure for data leaks, the stolen Minneapolis records weren鈥檛 published to the dark web. Instead, as 社区黑料 first revealed, download links were published to Telegram, the encrypted instant messaging service, and a faux technology news blog that appears to have direct ties to the ransomware attackers. Unlike breaches posted to the dark web, which require special tools and some know-how to access, Vance said 鈥渢his information is easier to access and potentially easier for people to have follow them around for the rest of their lives.鈥�

The files include district financial records, educators鈥� Social Security numbers and other documents that have long been targets for cyber criminals looking to facilitate identity theft. Yet Vance said the real harm 鈥� and a distinguishing feature 鈥� of the Minneapolis breach is the sheer volume of compromising information about students and staff that has been exposed. 

The district didn鈥檛 respond to a list of questions from 社区黑料. In its , from April 11, interim Superintendent Rochelle Cox said it has completed a review of data 鈥減osted online on March 7 and has contacted many individuals whose information was accessible as a result of this event.鈥� While a small subset of the data was previewed in a video in early March, a download link for the complete archive of stolen district records didn鈥檛 become available until late March. Cox said the district is working with 鈥渆xternal specialists and law enforcement鈥� to review data posted after March 7, but does 鈥渘ot have the results of that investigation.鈥� 

Because the harm from ransomware attacks have long been framed through the lens of identity theft and fraud, robust protections are now in place to help the victims of financial crimes, Vance noted. Parents can freeze their children鈥檚 credit. People can also cancel any credit cards that get caught up in a breach, and districts regularly provide identity theft protection to data breach victims. 

After the release of highly sensitive information, she said there are no clear remedies for something that could be potentially life altering for victims.

鈥淭his becomes a rock over their head for their entire life: 鈥榃hen is someone going to find out about the worst thing that ever happened to me?鈥欌�� Vance said. 鈥淚f I were a parent dealing with this, what on earth do you do next?鈥� 

鈥楶otentially catastrophic鈥� 

Federal law enforcement officials have long advised school districts and other cybercrime victims against paying ransom demands, but the sheer volume and sensitive nature of the breached Minneapolis files has left some experts questioning whether the district made the right call by refusing to pay up. 

鈥淭here are circumstances where 鈥� if you鈥檙e looking at it from a question of, 鈥楬ow do you reduce potential harm and risk and danger to your school community,鈥� 鈥� then doing the unsavory is perhaps the correct choice,鈥� said Doug Levin, the national director of the K12 Security Information Exchange.

Officials generally warn against paying ransoms for several reasons: Negotiating with known criminals may not produce the desired outcome, and offering payments helps finance future crimes. But in this case, Levin said the Minneapolis district was presented with a difficult choice. Even before the records were posted online, the group took extraordinary steps 鈥� including uploading a video to Vimeo 鈥� to publicize sensitive records in what appeared to be a particularly aggressive bid to coerce payment. 

Given how current and diverse the stolen records are, Levin and other experts suspect Medusa infiltrated multiple live computer systems. The freshness of the files, Levin said, means their content may still be accurate and, for bad actors, actionable. 

Calling the Minneapolis breach a 鈥渨orst-case scenario,鈥� he said, 鈥淭he amount of information that was taken and the recency and the scope of it is certainly deeply troubling.鈥�

Minneapolis may be a cautionary tale for districts nationwide who have fallen prey to money-hungry ransomware gangs leveraging 鈥渄ouble-extortion鈥� attacks against schools, hospitals and businesses. In such incidents, which present an alarming evolution from previous strategies, threat actors gain access to a victim鈥檚 computer network, download compromising records and lock the files with an encryption key. Criminals then demand their victim pay a ransom to regain control of their files. Then, if the money doesn鈥檛 materialize, they sell the data or publish it to a leak site. 

Ransomware attacks on U.S. schools have become a primary concern for federal law enforcement officials this year. In January, the federal Cybersecurity and Infrastructure Security Agency in attacks with 鈥減otentially catastrophic impacts on students, their families, teachers and administrators.鈥� Since the pandemic forced students into remote learning, district cyber attacks have been particularly acute. The number of publicly disclosed cybersecurity incidents affecting schools grew from 400 in 2018 to more than 1,300 in 2021, according to that relies on data from Levin’s group. 

Federal law enforcement officials have had several recent victories in tracking down cybercriminals. BreachForums, a popular dark web marketplace where people could buy stolen data, was shuttered after Federal Bureau of Investigation agents in March. The capture of the 20-year-old, who authorities allege operated the forum from his parents鈥� Peekskill, New York, house, sent shock waves through the cybersecurity community and disrupted the global cybercrime ecosystem. In January, federal authorities took control of a prolific ransomware gang鈥檚 leak site and against seven men connected to a Russian-based ransomware group known to target schools. 

In Washington, pending introduced last month seeks to better track cyber incidents in schools and would provide $20 million over two years to help affected systems recover. 

Last year, the school district in Los Angeles, the country鈥檚 second largest, suffered a massive ransomware attack that exposed a trove of compromising information about educators, students and district contractors. In response to investigative reporting by 社区黑料, the Los Angeles district acknowledged the breach included the sensitive mental health records of at least 2,000 current and former students after publicly denying those records were exposed. Last month, data from the Rochester, Minnesota school district was breached after it that forced leaders to cancel classes. shuttered Des Moines, Iowa, schools in January. 

Swift action needed

Taken together, the leaked Minneapolis records offer a startling quantity of compromising information about students and teachers. They also include detailed records about campus security systems that school officials said could place children and educators at a heightened risk of physical danger. 

A single spreadsheet details 699 disciplinary incidents from the 2015-16 school year, listing students鈥� names and a brief description of incidents. One entry claimed a student was 鈥渢hreatening other students鈥� mothers,鈥� and another claimed a student put his hands together in the shape of a gun and said 鈥淚鈥檓 bringing a gun to school tomorrow and shoot.鈥� 

Each of the spreadsheet entries contain pinpoint demographic information about individual students, including their race, gender, whether they鈥檙e in special education, if they鈥檙e homeless or are learning English as a second language. 

One group of files include letters informing disciplined students they could face trespassing charges if they show up on campus, while another includes reports of student maltreatment, including allegations a bus driver hit a student and that a teacher used excessive force. 

Such records could be valuable for blackmail 鈥� and for the police. In 2020, for example, a Florida county sheriff鈥檚 office used sensitive student records to predict which ones were likely to 鈥渇all into a life of crime.鈥� In other cases, police agencies have leaked in data breaches to conduct investigations. 

A separate group of Minneapolis records, purportedly from 2015 to earlier this year, outline nearly 300 individual district equity and civil rights investigations. 

In one case, district investigators found that over the course of several years, a boy coerced a classmate into sexual encounters in exchange for $5 and, in another case, a high school girl reported getting raped in a campus bathroom. In a detailed 2018 complaint, a high school girl accused a male classmate of raping her in a car after a home football game. Yet a district investigator ultimately dropped the complaint because the girl declined an interview and the official was 鈥渦nable to ascertain her credibility based only on her written statement,鈥� according to breached files. 

In multiple complaints, educators were accused of being racist. Just last year, an English as a second language teacher at a Minneapolis high school was accused of racial harassment when she reportedly used the name of a Somali student and a cartoon of a woman wearing a hijab in a class presentation. The slide defined the idiom 鈥渢o have a bone to pick鈥� and the teacher reportedly asked the student to read to the class a description of the term with her name attached: 鈥�(redacted) never comes to class on time; she leaves class without permission, is affecting her peers, her grades and is disrespectful to her peers.鈥� 

In January, a complaint accused a high school coach of making a transphobic joke and openly discussed his genitals. While he was stretching in front of a group of female athletes, the complaint alleges, he warned them that he was wearing 鈥渧ery short shorts鈥� and instructed them to 鈥渓et me know if my junk falls out.鈥� 

In a case from January, the middle school English teacher accused of gazing at students鈥� bodies and touching them inappropriately was placed on paid administrative leave while district investigators conducted their inquiry. Investigators determined the complaint was substantiated, but the middle school鈥檚 website still lists the teacher in its staff directory. A district spokesperson did not respond to questions about whether the teacher faced disciplinary action or his current status.

Given the many ramifications, Levin said the breach demands swift action to ensure the safety of the school community and to prevent something like this from happening again. He said the Minneapolis school board 鈥� or even state authorities 鈥� need to launch a prompt investigation. 

鈥淪tates do intervene in school systems when they鈥檙e being financially irresponsible or even academically irresponsible,鈥� Levin said. 鈥淚t may be that Minneapolis is not equipped to deal with the fallout from an incident like this.鈥� 

A download link was published Tuesday night on a website designed to resemble a technology news blog 鈥� an apparent front 鈥� and, by Wednesday morning, download links began to appear on Telegram, the encrypted instant messaging service that鈥檚 been and . 社区黑料 is still working to confirm the contents of the large, roughly 92-gigabyte file.

Still, the available download is significantly smaller than the 157 terabytes 鈥� there are 1,000 gigabytes in one terabyte 鈥� the Medusa ransomware gang claims it stole from the district, according to a file tree posted this month to the criminal group鈥檚 dark web blog. That file tree suggests the records contain a significant amount of sensitive information, including student sexual violence allegations, district finances, student discipline, special education, civil rights investigations, student maltreatment and sex offender notifications. 

鈥淭oday, the hacker group 鈥楳edusa鈥� gave me data for publication that will become a hit,鈥� notes a post on the faux technology news blog, which appears to have a direct tie to the ransomware group. The author offered a rant accusing district leaders of failing to maintain sufficient data security procedures while attempting to distance himself from illegal activities.

鈥淪omeone will tell me that this cannot be published. I will answer this simply 鈥� the only way to change rotten systems is to publicly show that they are extremely unsuitable for further use. If you don鈥檛 focus on the problems, they accumulate. I hope that the board of trustees of this organization will make the right decision on the current management of the organization.鈥� 

Though the full scope of the breach remains unclear, current and former Minneapolis families and district employees should take immediate steps to protect themselves, cybersecurity experts said. 

鈥淚f I was a parent at this school district, or a teacher, I would assume that my data and information had been compromised and act accordingly,鈥� said Brett Callow, a threat analyst with the cybersecurity company Emsisoft. Identity theft is a primary risk that data breach victims face, Callow said, so people should consider freezing their credit and 鈥渁t the very least, being extra vigilant and looking more closely at your transactions than you normally would.鈥� 

It鈥檚 also a good time for people to implement two-factor authentication on accounts when possible and avoid reusing passwords across multiple services, said Doug Levin, an expert in K-12 cybersecurity incidents and national director of the K12 Security Information eXchange

Yet for people whose sensitive personal records are now available, including those related to student sexual misconduct incidents, experts said, there are no easy remedies. Potential victims should consider seeking mental health counseling, Levin said, or to create an action plan if they become the target of harassment. 

鈥淥nce that genie is out of the bottle, it is very difficult to get it back in,鈥� Levin said. 鈥淚 don鈥檛 know what the school district could do to comfort those individuals or even provide them a recourse. Credit monitoring is not going to be helpful. What is at risk is their well-being, their reputation.鈥� 

The Minneapolis district, which has been criticized for how it publicly communicated information about a ransomware attack it first referred to as an 鈥渆ncryption event,鈥� that the ransomware group had released the stolen records on the dark web, 鈥渁 part of the internet accessible only with special software that allows users to remain untraceable.鈥� 

鈥淲e are working with cybersecurity specialists to quickly and securely download the data so that we can conduct an in-depth and comprehensive review to determine the full scope of what personal information was impacted and to whom the information relates,鈥� the district update continued. 

However, that statement appeared premature. After a countdown clock reached zero on Medusa鈥檚 dark web blog Friday, the files weren鈥檛 readily available for download. Instead, a 鈥淒ownload data now!鈥� button directed users to contact the gang through an encrypted instant-messaging protocol. 

District officials didn鈥檛 respond to requests for comment from 社区黑料 Wednesday. Attempts by 社区黑料 to reach the gang have been unsuccessful. 

Instead of uploading district files to the dark web blog, a download link to the Minneapolis data is available in the Telegram channel and on the faux tech news blog, which is not relegated to the dark web, does not require special tools to access and can be found through a Google search. The site also includes a 50-minute video offering a preview of files within the gang鈥檚 possession. 

In posting the download link to the 鈥渃learnet鈥� 鈥� a publicly accessible website that鈥檚 indexed by search engines 鈥� Medusa may have lowered the technical bar for people who are interested in downloading and viewing the stolen records. But at some 92 gigabytes, Levin said the file鈥檚 size may serve as a barrier to access to cyber criminals interested in exploiting the information 鈥� and to district officials who are investigating the breach and attempting to alert those whose information has been exposed.

Comments on the Telegram channel suggest there is interest in the stolen records. Since last week, Telegram users have questioned when the file download would become available. By Wednesday afternoon, Telegram posts with links to the district data amassed more than 400 views. Viewing the links doesn鈥檛 necessarily mean the data was downloaded.

鈥淗ey, how can I see the mps stuff,鈥� one Telegram user asked in the ransomware group鈥檚 channel. 鈥淚鈥漨 hoping I鈥檓 not on there. I attend school and work at this district.鈥� 

The Telegram user, who identified themselves to 社区黑料 as an 18-year-old Minneapolis high school student, said they were trying to download the data due to concerns that it could contain their Social Security number or other sensitive information. 

Among a list of safety precautions, the district has urged the community to refrain from downloading the breached data, arguing that doing so 鈥減lays into the cybercriminals鈥� hands by drawing attention to the information and increasing our community鈥檚 fear and panic.鈥� 

The district has also warned people against responding to suspicious emails or phone calls due to phishing risks and urged people to change their passwords. On Friday, the district said it was working to identify which records were compromised and planned to notify affected individuals at the end of a process that 鈥渨ill take some time.鈥� 

Callow said that ransomware victims should take a proactive approach to notifying those whose data was potentially stolen, rather than waiting until investigations are concluded. 

鈥淚 would much prefer to see organizations preemptively warn people that their data may have been compromised so that they can be cautious. Forewarned is forearmed, as they say,鈥� Callow said. 鈥淚f my personal information may have been compromised, I would want to know straight away.鈥�

Early Friday morning, after the Medusa gang鈥檚 countdown clock on the ransom deadline struck zero, the files weren鈥檛 readily available for download on its dark web leak site. Instead, a 鈥淒ownload data now!鈥� button directs users to contact the ransomware gang through an encrypted instant-messaging protocol. Attempts by 社区黑料 to reach the gang have been unsuccessful.

Files from previous Medusa victims are available on a website designed to resemble a technology news blog 鈥� a front of sorts. Unlike the Medusa blog, this site is not relegated to the dark web and does not require special tools to access. Download links are also posted in a channel on Telegram, the encrypted social media service that鈥檚 been and . Yet as of Friday afternoon, the files purportedly stolen from the Minneapolis district were not available for download on either platform. 

Data breaches from previous victims appear to be uploaded to the faux technology news blog about a month after their ransom expires, suggesting that the Minneapolis files could become available online after a brief lag. 

Still, in a statement on Friday, the district said it 鈥渋s aware that the threat actor has released certain MPS data on the dark web today.鈥� 

鈥淲e are working with cybersecurity specialists to quickly and securely download the data so that we can conduct an in-depth and comprehensive review to determine the full scope of what personal information was impacted and to whom the information relates,鈥� the district continued. 鈥淭his will take some time. You will be contacted directly by MPS if our review indicates that your personal information has been impacted.鈥� 

Early indications suggest the files contain a significant volume of sensitive information about students and staff. Leading up to the Friday deadline, Medusa posted a short-lived video to Vimeo that previewed the files in its possession and published a file tree on its dark web blog that purportedly showed the names of the compromised documents. The file tree suggests those records involve student sexual violence allegations, district finances, student discipline, special education, civil rights investigations, student maltreatment and sex offender notifications. As of Friday afternoon, the dark web blog post showing the file tree had amassed more than 3,100 page views. 

Should the files become available at some point, an analysis of the file tree points to the trove of stolen records being extensive. The file tree lists more than 172,000 individual records including large backup files. Though it鈥檚 unclear how many of the documents contain personally identifiable information and other sensitive data, the files add up to a startling 157 terabytes. 

鈥淵ikes, that鈥檚 a lot,鈥� said Doug Levin, an expert in K-12 cybersecurity incidents and national director of the K12 Security Information eXchange. 鈥淚t鈥檚 a very significant exfiltration.鈥� 

By comparison, last year the Los Angeles Unified School District suffered a ransomware attack and a cache of stolen district files 鈥� including thousands of current and former students鈥� sensitive mental health records 鈥� were uploaded to a dark web leak site. The files in that leak, which drew national attention to cybersecurity vulnerabilities in K-12 schools, total some 500 gigabytes. There are 1,000 gigabytes in one terabyte. 

The records stolen from the Los Angeles school district could fit on the hard drive of just one laptop. The scope of records stolen in Minneapolis, meanwhile, are more akin to 鈥渆ntire IT systems,鈥� said Levin, who was especially concerned about the breach of district backup files. 鈥淵ou鈥檙e probably looking at some of the more sensitive data that the district maintains 鈥� sensitive enough that they are backing it up and maintaining those files.鈥� 

The data leak deadline comes a little more than a week after Medusa listed the district on its dark web blog and two weeks after Minneapolis school officials attributed with its computer system to an 鈥渆ncryption event.” That euphemistic characterization left the public in the dark about the incident鈥檚 severity, cybersecurity analysts and community members said.

Such experts said Medusa鈥檚 pre-leak efforts were a particularly aggressive attempt to increase public attention around the attack and coerce the district to meet its ransom demand. 

Medusa鈥檚 decision to upload its stolen files to the faux technology news blog is likely a tactic to elevate the privacy risks to potential data breach victims and convince hacked organizations to pay the ransom, said Brett Callow, a threat analyst with the cybersecurity company Emsisoft. 

Despite Medusa鈥檚 extensive steps to publicize the ransomware attack prior to the Friday deadline, the group has been  鈥渦nusually uncommunicative,鈥� since the clock struck zero and its dark web blog listed the Minneapolis records as published, Callow said. The cyber expert said he also reached out to the group Friday to inquire about the Minneapolis breach but didn鈥檛 receive a response. 

People who don鈥檛 work in cybersecurity may not know how to access dark web sites, he said, while the technology news blog is more accessible to the general public. Therefore, dark web sites 鈥渨ould concern organizations less than the data being released from the “clearnet” where it is easily accessible and links to it can be shared via Twitter and other social platforms. It鈥檚 much easier for people to access.鈥�

Callow agreed the volume of data purportedly stolen from the Minneapolis district constitutes an outlier among ransomware attacks 鈥� but he offered a caution. 

鈥淛ust because they published a file tree doesn鈥檛 mean they necessarily obtained all of the data it shows in that tree,鈥� he said, noting that organizations like school districts can shut hackers out of their systems if they鈥檙e caught in the act. 

In a March 9 statement, the district said it had 鈥渢aken a stance against these criminals and has fully restored our systems without the need to cooperate with the criminal.鈥� 

During a school board meeting Tuesday, interim Superintendent Rochelle Cox said the district鈥檚 computer network 鈥渨as infected with an encryption virus that was first discovered鈥� Feb. 18. Secure backups allowed the district to restore many of its systems, Cox said, and while sensitive data has now been released publicly, the district is unaware of any evidence that the information has been leveraged by criminals to commit fraud. Once the district identifies impacted individuals, Cox said it will provide them with credit monitoring and identity protection services. 

Yet as Cox credited the district鈥檚 technology department for responding swiftly to restore district systems after the attack, Levin, the K-12 cybersecurity expert, said the sheer volume of files purportedly stolen point to the threat actors possibly lurking around inside the MPS computer systems for weeks 鈥� if not months. 

鈥淓xfiltrating this amount of data without detection certainly is concerning,鈥� Levin said. 鈥淭his sort of mass exfiltration is something that cybersecurity experts look for when they are defending systems and this is certainly not something that is downloaded in an hour or two.鈥�

As the district works to analyze the scope of the attack, it’s advising district families and staff to avoid interacting with suspicious emails or phone calls, to change their passwords and warned them against downloading any data released by cyber criminals because it plays into their hands 鈥渂y drawing attention to the information and increasing our community鈥檚 fear and panic.鈥� 

The will air after a countdown clock on the Medusa cyber gang’s dark web leak site strikes zero at about 4 a.m. ET Friday. The leak site suggests the Minneapolis school district’s window to meet a $1 million ransom demand will then close and a trove of district data, which appears to include a significant volume of sensitive student and educator records, will become available online.

社区黑料鈥檚 earlier reporting documented that Medusa鈥檚 tactics, which included posting a since-removed video previewing what appeared to be the stolen documents in its possession, were more aggressive and more marketing-savvy than those generally seen in other school district cyber attacks. 

A preliminary review of the gang鈥檚 dark web leak site by 社区黑料 suggest the compromised files include a sizable volume of sensitive documents, including records related to student sexual violence allegations, district finances, student discipline, special education, civil rights investigations, student maltreatment and sex offender notifications.

The Minneapolis Public Schools, which came under fire for referring to the February breach as an 鈥渆ncryption event,鈥� has not released any additional information since a March 9 statement posted on its web site. In it, school leaders indicate they don鈥檛 intend to deal with Medusa to get their now-encrypted data back.

鈥淲e have taken a stance against these criminals and are restoring our systems without the need to cooperate with them. As our response continues, we continue to work with and align with the best practices provided by federal law enforcement.鈥�

Medusa is apparently a popular name among threat actors. The group that struck Minneapolis schools, according to , Bleeping Computer,  got its start in June 2021, but upped its profile this year by increasing its ransomware activity and launching its ‘Medusa Blog’ leak site to publish victims鈥� data.

A ransomware gang called Vice Society attempted to extort the Los Angeles Unified School District last year after it broke into the district鈥檚 computer network and made off with some 500 gigabytes of district files. When the district refused to pay an undisclosed ransom, Vice Society uploaded the records to its dark web leak site. 

District officials sought to downplay the attack鈥檚 effects on students. But an investigation by 社区黑料 found thousands of students鈥� comprehensive and highly sensitive mental health records had been exposed. The district then acknowledged Feb. 22 that some 2,000 student psychological assessments 鈥� including those of 60 current students 鈥� had been leaked.

While districts nationwide have become victims in in the last several years, cybersecurity experts said the extortion tactics leveraged against the Minneapolis district are particularly aggressive and an escalation of those typically used against school systems to coerce payments.

In a dark web blog post and an online video uploaded Tuesday, the ransomware gang Medusa claimed responsibility for conducting a February cyberattack 鈥� or what Minneapolis school leaders euphemistically called an 鈥渆ncryption event鈥� 鈥� that led to . The blog post gives the district until March 17 to hand over $1 million. If the district fails to pay up, criminal actors appear ready to post a trove of sensitive records about students and educators to their dark web leak site. The gang鈥檚 leak site gives the district the option to pay $50,000 to add a day to the ransom deadline and allows anyone to purchase the data for $1 million right now.

On the video-sharing platform Vimeo, the group, calling itself the Medusa Media Team, posted a 51-minute video that appeared to show a limited collection of the stolen records, making clear to district leaders the sensitive nature of the files within the gang鈥檚 possession. 

鈥淭he video is more unusual and I don鈥檛 recall that having been done before,鈥� said Brett Callow, a threat analyst with the cybersecurity company Emsisoft. 

A preliminary review of the gang鈥檚 dark web leak site by 社区黑料 suggest the compromised files include a significant volume of sensitive documents, including records related to student sexual violence allegations, district finances, student discipline, special education, civil rights investigations, student maltreatment and sex offender notifications. 

The video is no longer available on Vimeo and a company spokesperson confirmed to 社区黑料 that it was , which prohibits users from uploading content that 鈥渋nfringes any third party鈥檚鈥� privacy rights. 

As targeted organizations decline to pay ransom demands in efforts to recover stolen files, Callow said the threat actors are employing new tactics 鈥渢o improve conversion rates.鈥�

鈥淭his is likely just an experiment, and if they find this works they will do it more frequently,鈥� Callow said. 鈥淭hese groups operate like regular businesses, in that they A/B test and adopt the strategies that work and ditch the ones that don鈥檛.鈥� 

Here鈥檚 a snippet of the video鈥檚 introduction (with all sensitive records omitted):

The Minneapolis school district hasn鈥檛 acknowledged being a ransomware victim, while Callow and other cybersecurity experts have been harshly critical of how it has disclosed the attack to the public. In , the district attributed 鈥渢echnical difficulties鈥� with its computer systems to the referenced 鈥渆ncryption event,鈥� a characterization that experts blasted as creative public relations that left potential victims in the dark about the incident鈥檚 severity. 

The district 鈥渉as not paid a ransom鈥� and an investigation into the incident 鈥渉as not found any evidence that any data accessed has been used to commit fraud,鈥� school officials said in the March 1 statement.  

In a statement to 社区黑料 Tuesday, the district said it 鈥渋s aware that the threat actor who has claimed responsibility for our recent encryption event has posted online some of the data they accessed.鈥� 

鈥淭his action has been reported to law enforcement, and we are working with IT specialists to review the data in order to contact impacted individuals,鈥� the statement continued.

Minnesota-based student privacy advocate Marika Pfefferkorn called on the district to be more forthcoming as it confronts the attack. 

鈥淔irst and foremost, they owe an apology to the community by not being explicit right away about what was happening,鈥� said Pfefferkorn, executive director of the Midwest Center for School Transformation. 鈥淏ecause they haven鈥檛 communicated about it, they haven鈥檛 shared a plan about, 鈥楬ow will you address this? How will you respond?鈥� Not knowing how they are going to respond makes me really nervous.鈥�

School cybersecurity expert Doug Levin, the national director of the K12 Security Information eXchange, said that district officials appear to have coined the term 鈥渆ncryption event,鈥� but available information suggests the school system was the victim of 鈥渃lassic double extortion,鈥� an exploitation technique that鈥檚 become popular among ransomware gangs in the last several years. 

With its video and dark web blog, Medusa may have spent 鈥渁 little more time and energy鈥� than other ransomware groups in presenting the stolen data in a compelling package, 鈥渂ut the tactics seem to be the same,鈥� Levin said. 鈥淣ow that we have a group coming forward with compelling evidence that they have exfiltrated data from the system and it鈥檚 actively extorting them, that鈥檚 all I would need to know to classify this as ransomware.鈥�

In double extortion ransomware attacks, threat actors gain access to a victim鈥檚 computer network, download compromising records and lock the files with an encryption key. Criminals then demand their victim pay a ransom to regain control of their files. Then, if a ransom is not paid, criminals sell the data or publish the records to a leak site. 

Such a situation recently played out in the Los Angeles Unified School district, the nation鈥檚 second-largest school system. Last year, the ransomware gang Vice Society broke into the district鈥檚 computer network and made off with some 500 gigabytes of district files. When the district refused to pay an undisclosed ransom, Vice Society uploaded the records to its dark web leak site. 

District officials have sought to downplay the attack鈥檚 effects on students. But an investigation by 社区黑料 found thousands of students鈥� comprehensive and highly sensitive mental health records had been exposed. The district then acknowledged Feb. 22 that some 2,000 student psychological assessments 鈥� including those of 60 current students 鈥� had been leaked.

Districts that become ransomware targets could face significant liability issues. Earlier this month, the education technology company Aeries Software a negligence lawsuit after a data breach exposed records from two California school districts. District families accused the software company of failing to implement reasonable cybersecurity safeguards. 

Federal authorities have made progress in curtailing cybercriminals. In January, authorities seized control of a prolific ransomware gang鈥檚 leak site and earlier this month officials with ties to a Russian-based ransomware group that鈥檚 known to target schools. 

At least 11 U.S. school districts have been the victims of ransomware attacks so far in 2023, according to Emsisoft research. Last year, 45 school districts and 44 colleges. 

In Minneapolis, a lack of transparency from the district could put affected students and staff at heightened risk of exploitation, Emsisoft鈥檚 Callow said. 

鈥淭here absolutely are times when districts have to be cautious about the information they release because it is the source of an ongoing investigation,鈥� he said. 鈥淏ut calling something a ransomware incident as opposed to an encryption event really isn鈥檛 problematic. Nor is telling people their personal information may have been compromised.鈥�

Pfefferkorn, the Minneapolis student privacy advocate, said she鈥檚 concerned about the amount of data the school district collects about students and worries it lacks sufficient cybersecurity safeguards to keep the information secure. She pointed to Minneapolis schools鈥� since-terminated contract with the digital student surveillance company Gaggle, which monitors students online and alerts district officials to references about mental health challenges, sexuality, drug use, violence and bullying. 

The district said it adopted the monitoring tool in a pandemic-era effort to keep kids safe online, but the unauthorized disclosure of Gaggle records maintained by the district could make them more vulnerable, she said. 

There鈥檚 little recourse, she said, for students and educators whose sensitive records were already leaked by Medusa. 

鈥淚t鈥檚 already out there and that cannot be repaired,鈥� she said. 鈥淭here鈥檚 information out there that鈥檚 going to impact them for the rest of their lives.鈥�

Hours after the publication of this article Friday, The Trevor Project announced in a tweet it would return a $25,000 donation from the student surveillance company Gaggle, acknowledging widespread concerns about the monitoring tool鈥檚 鈥渞ole in negatively impacting LGBTQ students.鈥�

鈥淥ur philosophy is that having a seat at the table enables us to positively influence how companies engage with LGBTQ young people, and we initially agreed to work with Gaggle because we saw an opportunity to have a meaningful impact to better protect LGBTQ students,鈥� the nonprofit said in the statement. 鈥淲e hear and understand the concerns, and we hope to work alongside schools and institutions to ensure they are appropriately supporting LGBTQ youth and their mental health.鈥� 

The move came after widespread condemnation on social media, with multiple supporters threatening to pull their donations to The Trevor Project moving forward. 

In a Friday statement, Gaggle spokesperson Paget Hetherington said the company wanted The Trevor Project鈥檚 鈥済uidance on how to do what we do better.鈥� The company also where it previously touted the partnership. 

鈥淲e鈥檙e disappointed that The Trevor Project has decided to pause our collaboration,鈥� she said. 鈥淗owever, we are grateful for the opportunity we have had to learn and work with them and will continue with our mission of protecting all students regardless of how they identify.鈥� 

Original report below:

Amid warnings from lawmakers and civil rights groups that digital surveillance tools could discriminate against at-risk students, a leading nonprofit devoted to the mental well-being of LGBTQ youth has formed a financial partnership with a tech company that subjects them to persistent online monitoring. 

, The Trevor Project, a high-profile nonprofit focused on suicide prevention among LGBTQ youth, began to list Gaggle as on its website, disclosing that the controversial surveillance company had given them between $25,000 and $50,000 in support. Meanwhile Gaggle, which uses artificial intelligence and human content moderators to sift through billions of student chat messages and homework assignments each year in search of students who may harm themselves or others, noting the two were collaborating to 鈥渋mprove mental health outcomes for LGBTQ young people.鈥� 

Though the precise contours of the partnership remain unclear, a Trevor Project spokesperson said it aims to have a positive influence on the way Gaggle navigates privacy concerns involving LGBTQ youth while a Gaggle representative said the company sees the relationship as a learning opportunity.

Both groups maintain that the partnership was forged in the interests of LGBTQ students, but student privacy advocates argue the relationship could undermine The Trevor Project鈥檚 work while allowing Gaggle to use the donation to counter criticism about its potential harms to LGBTQ students. The collaboration comes at a particularly perilous time for many students as a rash of states implement new anti-LGBTQ laws that could erode their privacy and expose them to legal jeopardy. 

Teeth Logsdon-Wallace, a 14-year-old student from Minneapolis with first-hand experience of Gaggle鈥檚 surveillance dragnet, said the deal could eliminate any motivation for Gaggle to change its business practices. 

鈥淚t really does feel like a 鈥榃e paid you, now say we鈥檙e fine,鈥� kind of thing,鈥� said Logsdon-Wallace, who is transgender. Without any real incentives to implement reforms, he said that Gaggle鈥檚 鈥渟eal of approval鈥� from The Trevor Project could offer the privately held company reputational cover amid growing concerns that such surveillance tech is disproportionately harmful to LGBTQ youth. 

鈥淧eople who want to defend Gaggle can just point to their little Trevor Project thing and say, 鈥楽ee, they have the support of 鈥淭he Gays鈥� so it鈥檚 fine actually,鈥� and all it does is make it easier to deflect and defend actual issues with Gaggle.鈥� 

Following an investigation by 社区黑料 into Gaggle鈥檚 monitoring practices, the company . Gaggle鈥檚 algorithm relies on keyword matching to compare students鈥� online communications against a dictionary of thousands of words the company believes could indicate potential trouble, including references to violence, drugs and sex. Among the keywords are 鈥済ay鈥� and 鈥渓esbian,鈥� verbiage the company maintains is necessary because LGBTQ youth are more likely than their straight and cisgender peers to consider suicide. 

But privacy and civil rights advocates have accused the company of discrimination by subjecting LGBTQ youth to heightened surveillance 鈥� a concern that has taken on new meaning this year as states like Florida adopt laws that ban classroom discussions about sexuality and LGBTQ youth to their parents.  

A by the nonprofit Center for Democracy and Technology found that while Gaggle and similar student monitoring tools are designed to keep students safe, teachers reported that they were more often used to discipline them. LGBTQ youth were disproportionately affected. 

In a statement, a Trevor Project spokesperson said it鈥檚 important that digital monitoring tools keep students safe without invading their privacy and that the collaboration was built on Gaggle鈥檚 鈥渄esire to identify and address privacy and safety concerns that their product could cause for LGBTQ students.鈥� 

鈥淚t鈥檚 true that LGBTQ youth are among the most vulnerable to the misuse of this kind of safety monitoring 鈥� many worry that these tools could out them to teachers or parents against their will,鈥� the statement continued. 鈥淚t is because of that very real concern that we have worked in a limited capacity with digital safety companies 鈥� to play an educational role and have a seat at the table so they can consider these potential risks while they design their products and develop policies.鈥� 

But it remains unclear what policy changes have occurred at Gaggle as a result of the deal. Without offering any specifics, Gaggle spokesperson Paget Hetherington said in a statement the company is 鈥渉onored to be able to align with The Trevor Project to better serve LGBTQ youth,鈥� and that the company is 鈥渁lways looking for ways to learn and to improve upon what we do to better support students and keep them safe.鈥� 

鈥楩aceless bureaucracy鈥� 

At its core, the partnership between Gaggle and The Trevor Project makes sense because both work to prevent youth suicides, said Amelia Vance, the founder and president of . But their approaches to solving the problem, she said, are fundamentally different. 

By combing through digital materials on students鈥� school-issued Microsoft and Google accounts, Gaggle seeks to alert educators 鈥� and in some cases the police 鈥� of students’ online behaviors that suggest they might harm themselves or others.

鈥淚t really is about collecting details that kids may not be voluntarily sharing 鈥� information that they may be looking up to learn, to explore their identities, to otherwise help them in their day-to-day lives,鈥� Vance said. At The Trevor Project, 鈥測ou have proactive outreach from youth who know that they need help or they need a community.鈥� 

The West Hollywood-based Trevor Project, which and funding from including Macy鈥檚 and AT&T, was founded in 1998 and in contributions in 2020. Gaggle, founded in 1999, does not publicly report its finances. The Dallas-based company says it monitors the digital communications of more than 5 million students across more than 1,500 school districts nationally. 

The Trevor Project to train volunteer crisis counselors and assess the risk levels of people who reach out to for help. If counselors with The Trevor Project believe a student is at imminent suicide risk, to call the police. But it鈥檚 ultimately up to youth to decide which information they share with adults. 

It鈥檚 important for LGBTQ students to have trusting adults with whom they can confide their experiences, Vance said, rather than a system where 鈥渟ome faceless bureaucracy is finding out and informing your parents鈥� about information they intended to keep private. 

A by The Trevor Project offers troubling data about the realities of the youth suicide crisis. Nearly half of LGBTQ youth said they seriously considered attempting suicide in the past year and 14% said they made a suicide attempt. 

This isn鈥檛 the first time The Trevor Project has faced scrutiny in recent months for its ties to companies that could have detrimental effects on LGBTQ youth. In July, a HuffPost investigation revealed that CEO and Executive Director Amit Paley previously and helped create a strategic plan to boost opioid sales amid an addiction epidemic 鈥� one that鈥檚 in suicide attempts among LGBTQ youth. 

The group knows firsthand how data can be weaponized. Just last month, that target the transgender community launched a campaign to clog up The Trevor Project鈥檚 suicide prevention hotline. 

Persistent student surveillance could exacerbate the challenges that LGBTQ youth face by subjecting them to disproportionate discipline and erroneously flagging their online communications as threats, Democratic Sens. Elizabeth Warren and Ed Markey warned in an April report. 

Nearly a third of LGBTQ students say they or someone they know has experienced the nonconsensual disclosure of their sexual orientation or gender identity 鈥� typically called 鈥渙uting鈥� 鈥� due to student activity monitoring, by the nonprofit Center for Democracy and Technology. They were also more likely than their straight and cisgender peers to report getting into trouble at school and being contacted by the police about having committed a crime. 

In response to the survey results, a coalition of civil rights groups called on the U.S. Education Department to condemn the use of activity monitoring tools that violate students鈥� civil liberties and to state its intent 鈥渢o take enforcement action against violations that result in discrimination.鈥� The letter argues that using the tools to out LGBTQ students or to subject them to disproportionate discipline and criminal investigations could violate Title IX, the federal law prohibiting sex-based discrimination in schools. 

Among the letter signatories is the nonprofit LGBT Tech, which about the harms of digital surveillance on LGBTQ people. Christopher Wood, the group鈥檚 co-founder and executive director, said The Trevor Project鈥檚 partnership with Gaggle could be positive if it鈥檚 used to ensure that LGBTQ youth who are struggling have access to help. But once Gaggle gives student information to school administrators, the company can no longer control how those records are used, he said. 

鈥淚f that information is provided to someone who is not accepting, who has very different views and who willfully brings their political, personal or religious views into the school system, and they are not supportive of LGBTQ youth, then what they鈥檝e done is harm the student,鈥� Wood said. 

Yet as schools increasingly turned to student activity monitoring software during the pandemic, The Trevor Project portrayed their growth as an inevitable result of districts seeking 鈥渢o avoid liability issues.鈥�  

鈥淚t is our stance that since these tools are not going anywhere, we think it鈥檚 important to do our part to offer our expertise around LGBTQ experiences,鈥� the spokesperson said. 

The power of trust

In interviews, students flagged by Gaggle said their trust in adults suffered as a result. Among them is Logsdon-Wallace, the 14-year-old transgender student. Before the Minneapolis school district stopped using Gaggle this summer and state lawmakers put strict limits on digital surveillance in schools, the tool alerted district security when he used a classroom assignment to reflect on a previous suicide attempt and how music therapy helped him cope. That same assignment, which included references to his gender identity, was flagged to his parents. 

And while his parents are affirming, he has friends who live in less supportive environments.                                                                                                       

鈥淚 have friends who are queer and/or trans who are out at school but not to their parents,鈥� he said. 鈥淚f they want to be open with teachers, Gaggle can create a bad or even dangerous situation for these kids if their parents were contacted about what they were saying.鈥� 

In The Trevor Project鈥檚 recent survey, nearly three-quarters of LGBTQ youth reported that they have endured discrimination based on their sexual orientation or gender identity, just 37% said their homes are affirming and 55% said the same about their schools. 

Given that reality, reported sharing information about their sexual orientation with teachers or guidance counselors. 

While Gaggle has maintained that keywords like 鈥済ay鈥� and 鈥渓esbian鈥� can also prevent bullying, Logsdon-Wallace said their approach is out of touch with how students generally interact. At school, he said he鈥檚 been called just about every 鈥渟lur for a queer or a trans person that isn鈥檛 from like 80 years ago.鈥� While slurs are common, terms like 鈥渓esbian鈥� are not.

鈥淎s an actual teenager going to an actual public school, those words are not being used to bully people,鈥� he said. 鈥淭hey鈥檙e just not.鈥�

The proposal鈥檚 defeat by a 12-point margin is likely to carry national implications for the debate over policing and racial justice, including in schools. After a Minneapolis cop killed Floyd in 2020, the city school district ended its longstanding contract with the police department and replaced campus officers with non-sworn 鈥減ublic safety support specialists.鈥� Dozens of school districts nationally took similar action in the aftermath of nationwide protests. Yet, in a whiplash move as students resumed in-person learning, education leaders in and have since voted to bring back the police.

Minneapolis Question 2 鈥� voted down by 56 percent of those who turned out in an 鈥� would have amended the city charter to replace the police department with a Department of Public Safety focused on a 鈥渃omprehensive public health approach,鈥� including an emphasis on mental health 鈥� reforms that shared similarities with efforts in the city鈥檚 schools. The ballot measure would have removed from the city charter a minimum required number of police officers and the new agency 鈥渃ould include鈥� cops 鈥渋f necessary.鈥� How the new department would have looked in practice, and the number of police officers it would employ, remained uncertain as voters headed to the polls.

Local parent advocate Khulia Pringle has long fought to remove police from schools but opposed the ballot question, which she noted was divisive among the city鈥檚 Black community. A found that white voters were more likely than Black residents to support the ballot question.

Floyd鈥檚 murder made police reform politically safe, Pringle said, but reform efforts were led primarily by white progressives who didn鈥檛 seek sufficient input from the African-American community before saying, 鈥淗ey, we鈥檝e got this great plan for Black folks.鈥�

鈥淎 lot of Black folks are pretty woke to when the wool is being pulled over their eyes,鈥� said Pringle, the Minnesota-based representative of the National Parents Union. 鈥淭hey got caught up in the moment and threw something out there that had no plan, no nothing. It was inevitable to fail from the beginning.鈥�

About 44 percent of Minneapolis voters sought to replace its police department, an unprecedented shift that highlights in recent years in support of criminal justice reforms. , Yes 4 Minneapolis communications director JaNa茅 Bates said her group, which campaigned to get the question on the ballot, has no plans of giving up. 

鈥淲e took a lesson today that we need to knock even more doors, that we need to talk to even more neighbors, that we need to bust through the disinformation campaign and the big money that says 鈥楴o鈥� when we say 鈥榊es,鈥欌�� Bates said.

More measured police reform efforts found success elsewhere during an election cycle generally seen as a win for conservative causes. Voters in Cleveland, Ohio, for example, that gives citizens greater oversight over police misconduct. In Austin, Texas, a proposal to bolster the city鈥檚 police force. 

Had Minneapolis residents voted to terminate the police department, the school board may have been more likely to form an alliance with the new public safety agency, Pringle said. But without substantive reforms, board members are not expected to resume the police department contract anytime soon, she said. 

鈥淚f it鈥檚 the same agency and there鈥檚 been no major overhaul,鈥� she said. 鈥淚 don’t think that Minneapolis Public Schools is going to go back.”

In a recent interview, former Minneapolis school resource officer Charles Adams III said he opposed the ballot question because the city lacked a firm plan for the future. Adams, who left the police department last year after the school district ended its policing contact, was among former school-based officers included in a recent investigation by 社区黑料 exposing how many had faced disciplinary actions and allegations of civil rights violations, including police brutality, racial discrimination and domestic violence.

As Minnesota residents reckon with this year, the public safety support specialists who replaced school resource officers are 鈥渟tretched thin,鈥� said Adams, who remains the football coach at North High School. The school board took a 鈥渟ocial political stand鈥� when it ended its policing contract but 鈥渏eopardized the safety and the lives of kids in North Minneapolis,鈥� Adams told 社区黑料. 

鈥淏lack lives matter 100 percent,鈥� said Adams, who is Black. 鈥淏ut right now what we鈥檙e doing, the crime is destroying our community.鈥�

The Minneapolis school district didn鈥檛 respond to a request for comment. Minneapolis Police Department spokesman Garrett Parten said his agency would support future efforts to resume the $1.1 million-a-year school resource officers program. 

The police department 鈥渨ould eagerly continue the program should the opportunity be granted and the resources be available,鈥� Parten said in an email, adding that the former contract offered 鈥渁 vibrant, vital program that embodied the essence of community-based policing.鈥� 

As a talent show came to a close in the winter of 2007, hundreds of children and parents poured out of a Minneapolis high school only to be met by the piercing blast of gunfire. 

North High School students and their parents rushed back inside and police raced to investigate the commotion. But the guns and bullet shells were nowhere to be found. A campus security guard who helped in the search, they鈥檇 soon learn, had already stashed them in his pockets and, later, his wife鈥檚 purse. 

Get stories like this delivered straight to your inbox. Sign up for 社区黑料 Newsletter

The weapons turned up that evening outside a gas station a few blocks from the school where the security guard, Kelly Woods, got into a heated altercation with his ex-girlfriend. Police, who observed witnesses screaming 鈥淭hey鈥檝e got a gun,鈥� arrested Woods at gunpoint.

For Woods, the arrest added to a lengthy criminal record, including drug trafficking, auto theft, armed robbery and a federal firearms conviction, which didn鈥檛 stop him from becoming a security guard in charge of protecting students. For police officer Charles Adams III, the security guard鈥檚 colleague at North High, the ordeal became part of his internal disciplinary record. When officials pursued fresh criminal charges against Woods, Adams pressed them to 鈥済o easy鈥� on a man he described as a 鈥済ood guy,鈥� according to police records obtained by 社区黑料. The move infuriated the lead prosecutor on the case. Assistant County Attorney Diane Krenz said it was the first time in her decades-long career an officer had pressured her to go lenient on a suspect, according to the records. The last thing the community needed, she said, were 鈥渕ore guns on the North Side.鈥� 

The incident linked to Adams 鈥� the and now-former cop 鈥� is included among dozens of allegations and disciplinary findings against campus police officers recently stationed inside Minneapolis public schools that include claims of police brutality, racial discrimination and domestic violence. 

In one incident, officers were accused of beating and arresting a man for carrying a handgun despite having a concealed carry permit. In another, police were accused of pounding in a man鈥檚 face because he littered the crust from a slice of pizza. Both incidents ended with court settlements, against Minneapolis officers that has cost taxpayers millions of dollars. The city after a man said at least six officers punched, kicked and tasered him during a traffic stop. One of the accused officers became a school-based cop, a position he held until last year.

After George Floyd was murdered in 2020 at the hands of a Minneapolis officer, the city school board was quick to end its longstanding contract with the police department for campus cops, a move that some critics said was politically motivated. Floyd鈥檚 death put a national spotlight on police brutality and excessive force. 社区黑料 obtained public officer misconduct records and court files to explore whether similar interactions between police and students had transpired in Minneapolis classrooms 鈥� and if such incidents may have contributed to the school board鈥檚 decision to cut ties with the department. Ultimately, few of the records involved on-campus incidents or youth, but the lengthy list of allegations and disciplinary findings 鈥� many alleging violence on the part of police 鈥� raised separate questions about how the officers wound up inside schools in the first place. They also offer new context for an ongoing national debate about the role police should play in schools and whether they鈥檙e best equipped to ensure students are safe. 

Ben Fisher, an assistant criminal justice professor at Florida State University whose research focuses on the efficacy of school-based police, said the Minneapolis officers鈥� disciplinary and court records 鈥渟eemed quite problematic.鈥�

鈥淪chools contain some of our most vulnerable people in society,鈥� Fisher said. 鈥淚f we are putting officers in there who have abused their power in some way outside of the school, it鈥檚 a very scary proposition to imagine that track record following them into schools.鈥�

Minneapolis Police Department spokesman Garrett Parten said officers鈥� disciplinary records were considered before they were stationed inside schools, but he declined to comment on specific allegations or findings against officers. School resource officers took the job to build trust between youth and police, serve as positive role models and ensure children could learn in a safe environment, he said in an email. Effects of the school board鈥檚 decision to end the school resource officer program, he said, 鈥渨ill become evident over time.鈥�

Dozens of school districts across the country severed their ties with police after Floyd鈥檚 murder, but broader police reform efforts have so far faltered. In Washington, legislation that sought to improve transparency around officer misconduct and make it easier to prosecute bad cops, among other changes, failed as bipartisan negotiations broke down. 

Locally, Minneapolis voters will consider a ballot question next week that could remove from the city charter a police department that鈥檚 long been . As the school district navigates its first year without a full-time police presence in classrooms, the ballot measure would create instead a city Department of Public Safety that would use a 鈥渃omprehensive public health approach鈥� and employ police officers only 鈥渋f necessary.鈥�

National industry recommend collaboration between police and education leaders when stationing officers inside schools, but researchers who study the efficacy of school resource officers said that little evidence exists about how such selection processes actually work. Anecdotally, the job is highly regarded in some districts and officers compete for the position, Fisher said. In other places, being stationed in schools is 鈥渁 punishment where police are put there if they can鈥檛 cut it on the streets.鈥�

鈥楥ompletely out of control鈥�

社区黑料 obtained Minneapolis Police Department misconduct records for the 24 officers assigned to public schools for the five years prior to Floyd鈥檚 murder. Of those, 21 officers faced 105 internal complaints, 11 of which resulted in discipline of varying severity. Those records span the duration of officers鈥� employment with the department. Separately, the officers stationed in schools were named in federal lawsuits on at least two dozen occasions, according to an analysis of court records. 

The police disciplinary issues range in seriousness. One officer who worked in the schools was cited in 2019 for unintentionally firing his service rifle while responding to a call about a man with a gun, and another was given a letter of reprimand after getting arrested for driving under the influence of alcohol. In two of the 11 cases which resulted in official department action, officers were disciplined for using excessive force. 

About half of the Minneapolis officers who were sued or disciplined remain on the force, according to a department spokesperson. 

Among them is Mukhtar Abdulkadir, who has faced 11 internal complaints 鈥� two that resulted in discipline 鈥� and two federal lawsuits. He reported to work as a school resource officer as recently as 2017, district records show. Records suggest the officer has a tendency to respond violently when under stress. 

In 2010, a young Ethiopian immigrant accused Abdulkadir of choking and punching him and calling him a racial slur after he was pulled over and cited for riding a bike at night without a light, a citation the man called 鈥渟tupid.鈥� A federal lawsuit following the incident . Abdulkadir and his attorneys couldn鈥檛 be reached for comment. 

In 2011, Abdulkadir was arrested on assault and terroristic threat charges after his then-wife accused him of punching her in the ribs, smothering her face with a pillow and hitting her in the face with the butt of his service pistol. Abdulkadir was but was rehired with back pay after his former wife retracted her allegations. Yet according to his disciplinary file, internal investigators believed her decision to recant was obvious: 鈥淥nly if he is reinstated will she obtain child support when they divorce.鈥� Additionally, internal records note that domestic abuse victims often 鈥渢ake the blame鈥� because their abusers maintain control over them. 

Abdulkadir was also accused of repeatedly punching a man outside a car wash in 2013. The man honked at the officer because he was next in line at the automatic car wash but hadn’t moved forward, according to a complaint in a federal lawsuit. In response, Abdulkadir was accused of punching the man repeatedly before charging him with disorderly conduct, according to the lawsuit that also . 

Then, in 2014, Abdulkadir was reprimanded for becoming irate after he failed firearms training. Officers who witnessed the outburst reported feeling afraid because he 鈥渨as completely out of control鈥� and had easy access to a gun. 

鈥淭hat night I truly believed that at any time he could grab his weapon, load it and use it against officers,鈥� a police sergeant told internal investigators. In a less controlled environment, the sergeant said he could see a situation where Abdulkadir would 鈥渃ompletely lose control of everything and harm himself, other officers or the public.鈥� 

District records show Abdulkadir was assigned to Minneapolis campuses a year later, including Andersen United Middle School and Seward Montessori School. 

When officers protect their own

The disciplinary findings against Adams put the storied coach and second-generation Minneapolis cop on defense, a position he isn鈥檛 used to playing. After the school board voted to break with the police department, some students at North High School, the predominantly Black school where Adams worked as a school resource officer, So did the school鈥檚 principal. 

On after reinvigorated the Black Lives Matter movement, The New York Times examined how his roles as a football coach and a Black police officer placed him on both ends of the debate on policing in America. As Adams , 鈥淚 wear blue, but I鈥檓 Black.鈥�

The records suggest that Adams, who left the police department last year and is now head of team security for the Minnesota Twins, was willing to go to great lengths for a colleague accused of a serious crime, a reality he acknowledged in an interview with 社区黑料. Woods, the North High School security guard, and his attorney couldn’t be reached for comment. 

鈥�I stood up for him as a character,鈥� Adams said. 鈥淚 never said that it was OK for what he did.鈥�

North High School Principal Mauri Friestleben, who has been outspoken against the school board鈥檚 decision to cut ties with the police, similarly stood behind Adams. With officers in schools, she said she witnessed a 鈥渉ealthy discourse about what real protecting and serving looked like,鈥� including situations where campus cops helped students avoid arrests. 鈥淚 have no reservations about my public support鈥� of Adams, she wrote in an email, and called the officer 鈥渁 protector鈥� who came to the job 鈥渨ith multiple dimensions and this may be just one of them.鈥� 

Adams sought to downplay his own disciplinary record, arguing that police leaders and prosecutors overreacted to his intervening in Woods鈥檚 criminal case. Prior to becoming a school security guard, Woods was convicted of armed robbery in 1992 and became ineligible to possess a firearm. Six years later, police arrested Woods with a gun outside a Minneapolis Greyhound bus station. Woods, who is Black, unsuccessfully accused the officers of racial discrimination when they stopped him while investigating drug and gun trafficking, according to court records. 

Adams said that Woods was a positive force in the community and shouldn鈥檛 be defined by the years he spent in prison. After the shooting outside North High, Woods wasn鈥檛 trying to keep the guns for himself, Adams maintained. Instead, Woods knew the students involved in the shooting and didn鈥檛 want them to get arrested. Woods recognized them as gang members, according to court documents.

鈥淚 took it as him looking out for those two kids,鈥� said Adams, who added that he didn鈥檛 observe the shooting himself. 鈥淗e took [the guns] from them and said 鈥楪et out of here,鈥� one of those types of deals because that鈥檚 just the type of person that he is.鈥� 

Adams scoffed at the suggestion from Krenz, the prosecutor, that his defense of Woods conflicted with his role in keeping the community safe. Krenz declined to comment for this article. Adams said she wouldn鈥檛 know where North High was if it 鈥渟macked her in her face.鈥� 

鈥淚 don鈥檛 want to hear that,鈥� Adams said. 鈥淚 hear so many people talk about what should be good for our community. They have never stepped one foot inside of it.鈥� 

鈥楪ood ol鈥� boy network鈥�

Internal police records obtained by 社区黑料 likely offer a significant undercount of officer misconduct. Just 2.7 percent of complaints resulted in discipline between 2013 and 2019, according to a nonprofit news outlet. After lengthy investigations, disciplined officers often received letters of reprimand or brief suspensions. 

A pattern of officers protecting their peers allowed abuses to remain under the radar until it went to court, the investigation found. Three years before he murdered Floyd, for example, Derek Chauvin and pinned him to the ground for 17 minutes. The incident, which could be seen as a precursor to Chauvin kneeling on Floyd鈥檚 neck, from his public records. 

社区黑料 sought comments from Minneapolis officers previously stationed inside schools, school board members, the city and state police unions, an attorney who represents many officers in misconduct litigation, the city and the county attorney鈥檚 office. Each declined to comment or didn鈥檛 respond to interview requests. 

Among the lawsuits against officers placed in schools, civil rights attorney Zorislav Leyderman represented the plaintiffs in six. Police misconduct incidents that occur outside schools, he said, should influence whether those involved are assigned as school resource officers. Leyderman cited the allegations as contributing to a larger culture in the city where many Minneapolis residents fear the police. 

鈥淭hey don鈥檛 want to interact with law enforcement because they鈥檙e worried that if they do, they鈥檙e going to get injured,鈥� he said. The allegations against the officers stationed in schools 鈥渟hould have been looked into, both the lawsuits and these internal complaints.鈥� 

Oftentimes, he said police misconduct remains outside the public eye because officers are 鈥渃oached鈥� following incidents, a practice the department has maintained isn鈥檛 a form of official discipline. The department was sued and , including in cases of serious wrongdoing. In , investigators found that Minneapolis police used coaching to resolve more than a quarter of complaints over a six-year period.

Local parent advocate Khulia Pringle, who helped the school district hire security staff to replace sworn police last year, said that officers鈥� disciplinary records should be a major factor when placing them inside schools. However, that history only reinforced her belief that police have no place walking hallways. 

鈥淚n any other situation, when we need the cops, we call them,鈥� said Pringle, a Minnesota-based representative of the . If they鈥檙e going to be there, there 鈥渟hould have been more protocols in place as to which officers are in schools,鈥� she said. 

Adams said he was surprised to see the allegations against other police officers who worked in the schools, and although negative interactions between cops and youth have occurred, he couldn鈥檛 recall any recent instances that could鈥檝e motivated the school board鈥檚 decision to end its police contract. Yet Adams, who said he can 鈥渟peak freely鈥� now because he鈥檚 no longer a cop, portrayed his former department as one where officer misconduct is routine. 

鈥淚t鈥檚 the good ol鈥� boy network,鈥� he said. 鈥淵ou鈥檝e got guys who are in the police department that treat people wrong on purpose and you can see it.鈥� 

鈥楶art of the game鈥�

As communities across the country grapple with the role police play in schools, new research serves to highlight the issue鈥檚 complexities. On one hand, the officers reduce some forms of violent crimes like fights, according to the research. At the same time, their presence prompts a dramatic uptick in suspensions and arrests 鈥� especially for students who are Black. Little academic research explores the types of officers who are more effective than others in schools.

But being named in a federal lawsuit shouldn鈥檛 be automatically disqualifying, said school safety consultant Kenneth Trump, president of National School Safety and Security Services in Cleveland. Filing civil rights lawsuits against an arresting officer is all 鈥減art of the game,鈥� he said. Police misconduct suits often end in settlements, yet Trump said the final results should become part of the equation when making school resource officer assignments.

鈥淚f you鈥檙e a police officer and you鈥檙e doing your job on the streets, there鈥檚 a really good chance you鈥檙e going to get sued somewhere in your career,鈥� said Trump, a proponent of school-based policing. 鈥淏ut there should be some sort of baseline criteria and screening set by your police administration before that pool of officers is ever presented at that next step to your school people.鈥�

Parten, the Minneapolis police spokesman, said that all officers were eligible to apply for the school resource officer program and were interviewed by a panel of police department and school district officials. The police chief had the final say in hiring decisions. Parten said he collaborated with education officials when crafting a statement for this article, but Minneapolis school district spokeswoman Julie Schultz Brown didn鈥檛 respond to multiple requests for comment. 

鈥淐andidates were presented with scenario-based questions designed to evaluate critical thinking skills necessary for a school setting and further examined each individual鈥檚 understanding of the challenges and rewards associated with the position,鈥� he said. 

Policing in Minneapolis remains contentious in the larger community, and voters will soon decide whether to go in a completely new direction. Ahead of next week鈥檚 election, suggests the question of whether to dismantle the traditional police department will be close. Black voters were less likely than white voters to support the idea. 

A similar course change 鈥� to remove cops from Minneapolis schools and replace them with district security staff 鈥� was ultimately detrimental, Adams maintains. 鈥淐rime is outrageous鈥� at North High School, he said, and the security team hired to replace sworn officers is 鈥渟tretched thin.鈥� 

And even though he defended a security guard who he said sought to keep kids out of the criminal justice system, the former cop said stationing police in schools was an effective strategy to catch suspected criminals.

鈥淎 lot of kids would obviously show up to school and investigators and a lot of police knew the kid would be there,鈥� Adams said. 鈥淭hat was a good way to get bad guys.鈥� 

Lead Image: Former police officer Charles Adams III’s actions to intervene on behalf of a school security guard arrested on gun charges are among dozens of disciplinary findings and misconduct allegations involving campus police officers recently stationed inside Minneapolis public schools. (Andrea Ellen Reed / The New York Times / Redux)