The education industry isn’t just in the business of teaching students, it’s also responsible for a lot of data, primarily personally identifiable information (PII), making these organizations a major target for threat actors. In March of 2023, Minneapolis Public Schools saw ransomware group Medusa publish current and former students “former student records, parent contacts, home addresses and IDs with pictures.” Unfortunately, this instance isn’t an outlier.