Cyber Incident Victim: Minnesota Department of Education
Date:
Apr 2015
Location:
United States of America
Summary
A cyber attack targeting the Minnesota Department of Education's online testing system disrupted statewide MCA assessments for students in grades 3 through 8 and high school students, causing widespread login failures over multiple weeks. The incident involved a distributed denial of service (DDoS) attack against Pearson, the third-party testing platform provider, which overwhelmed the system without compromising student data. Testing was temporarily suspended due to operational disruptions and concerns about heightened student anxiety during the critical assessment period. The vendor resolved the issue by implementing additional security measures, allowing assessments to resume shortly afterward, while authorities investigated the source of the intentional disruption.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In April 2015, the Minnesota Department of Education suspended Minnesota Comprehensive Assessments (MCA) testing for students statewide following a cyber attack targeting the online testing platform. The disruption began during the weeks of April 15 and April 22, when students across grades 3-8 and high school sophomores and juniors experienced persistent login failures while attempting to access the standardized tests in reading, math, and science. Initial technical assessments by Pearson—the contracted testing vendor responsible for administering the exams—identified server failures and excessive traffic volumes as potential causes. On Tuesday, April 21, forensic analysis confirmed the outages resulted from a deliberate distributed denial-of-service (DDoS) attack orchestrated externally to overwhelm the system’s capacity. Department spokesperson Josh Collins clarified the attack aimed solely to disrupt testing availability rather than compromise student data, comparing the mechanism to incessant interruptions preventing legitimate system access. The Department suspended all MCA testing upon confirming the malicious origin of the outage to prevent further student distress and allow remediation.
The attack directly impacted educational operations by delaying critical assessments used to measure annual student progress and school performance metrics. Educators expressed concern that technical failures exacerbated testing-related anxiety among students aware of the exams’ academic significance. Pearson addressed the infrastructure vulnerabilities by implementing enhanced protective measures, enabling the Department to resume testing on Thursday, April 23, after a one-day suspension. No evidence indicated unauthorized access to or exfiltration of student records during the incident. Law enforcement initiated an investigation to identify the perpetrators responsible for the DDoS attack, which also affected testing systems in multiple unspecified U.S. states. The Minnesota Department of Education maintained public communication throughout the incident, attributing the decision to pause testing partly to mitigate psychological impacts on students while technical countermeasures were deployed.