Data of Half-Million Chicago Students Exposed in a Ransomware Attack

  • Richard Marley
  • May 23, 2022
  • 2 minutes read
  • 1069

The personal information of more than half a million Chicago students and the staff was accessed in a ransomware attack consisting of records worth four years. 

Last December, a ransomware attack compromised the personal information of more than a half million Chicago Public School students and staff members which wasn’t reported by the technology vendor Battelle for Kids till last month, as stated by the CPS Officials

CPS was informed about the data breach on April 26 via a mailed letter, claiming that the server used to store data about the students and staff was breached and four years’ worth of data was accessed. 

Around 495,448 student and 56,138 employee records were acquired from the 2015-16 through 2018-2019 school years, consisting of details about student’s names, gender, date of birth, CPS identification numbers, and scores on course-specific assessments utilised for teacher evaluations. 

The CPS confirmed that the breach did not store any other records, as proclaimed in a statement “There were no Social Security numbers, no financial information, no health data, no current course or schedule information, no home addresses and no course grades, standardized test scores, or teacher evaluation scores exposed in this incident.”

The representative of CPS informed the affected families and staff that no evidence has been found of misusing the data. Still, they aim to provide a year of credit monitoring and identity theft protection to them. 

Battelle for Kids was hired to assist district leaders to perform the “CPS REACH” teacher evaluation program. As the contract of the vendor with CPS states that they shall immediately report the distract of any data breach, a statement was passed by Battelle for Kids on Friday, “immediately engaged a national cybersecurity firm to assess the scope of the incident and took steps to mitigate the potential impact.”

No answers were given about why the company didn’t inform the CPS of the breach while claiming that they have placed stronger security protocols since the incident as the assessment is underway to be resolved.

Suggested Read: Data Breach Exposes 515,000 IDs, More Cases of Synthetic ID Fraud to be Expected?