Data of Half-Million Chicago Students Exposed in a Ransomware Attack

Richard Marley
May 23, 2022
2 minutes read
1069

The personal information of more than half a million Chicago students and the staff was accessed in a ransomware attack consisting of records worth four years.

Last December, a ransomware attack compromised the personal information of more than a half million Chicago Public School students and staff members which wasn’t reported by the technology vendor Battelle for Kids till last month, as stated by the CPS Officials.

CPS was informed about the data breach on April 26 via a mailed letter, claiming that the server used to store data about the students and staff was breached and four years’ worth of data was accessed.

Around 495,448 student and 56,138 employee records were acquired from the 2015-16 through 2018-2019 school years, consisting of details about student’s names, gender, date of birth, CPS identification numbers, and scores on course-specific assessments utilised for teacher evaluations.

The CPS confirmed that the breach did not store any other records, as proclaimed in a statement “There were no Social Security numbers, no financial information, no health data, no current course or schedule information, no home addresses and no course grades, standardized test scores, or teacher evaluation scores exposed in this incident.”

The representative of CPS informed the affected families and staff that no evidence has been found of misusing the data. Still, they aim to provide a year of credit monitoring and identity theft protection to them.

Battelle for Kids was hired to assist district leaders to perform the “CPS REACH” teacher evaluation program. As the contract of the vendor with CPS states that they shall immediately report the distract of any data breach, a statement was passed by Battelle for Kids on Friday, “immediately engaged a national cybersecurity firm to assess the scope of the incident and took steps to mitigate the potential impact.”

No answers were given about why the company didn’t inform the CPS of the breach while claiming that they have placed stronger security protocols since the incident as the assessment is underway to be resolved.

Disclaimer: No warranty is herein provided that the information contained in this document is accurate, up-to-date, and/or complete. In no circumstance(s), does such information constitute legal or any other advice. Any person who intends to use, rely, pass-on, or re-publish the information contained herein in any way is solely responsible for the same. We suggest to verify the information and/or obtain expert advice independently if required.

Latest News

News
Interpol Seizes $130M Worth of Virtual Assets from Cybercriminals Worldwide
The International Criminal Police Organization Interpol has seized $130 million worth of virtual assets that are linked to money laundering operations and different cybercrimes worldwide.

The “HAECHI III” law enforcement operation, which lasted between June 28 and November 23, 2022, enabled INTERPOL to arrest nearly a thousand suspects.

“In total, the operation resulted in the arrest of 975 individuals and allowed investigators to resolve more than 1,600 cases,” reads Interpol’s announcement. “In addition, almost 2,800 bank and virtual-asset accounts linked to the illicit proceeds of online financial crime were blocked.”

The various cybercrimes that contributed to the aforementioned sum include voice phishing, investment fraud, romance scams, sextortion, and money laundering linked to illegitimate online gambling.

Due to the activity, Interpol also produced 95 alerts and diffusions and identified 16 novel crime trends that would enable law enforcement agencies all around the world to concentrate on their efforts against cybercriminals more effectively.

The latest scams include types of financial fraud and romantic scams that criminals are continually improving to maintain novelty.

Additionally, Interpol noticed an increase in the usage of encrypted messaging applications by scammers to communicate with their victims in investment schemes.

Interpol’s statement also highlights the success of its fresh Anti Money Laundering Rapid Response Protocol (ARRP) mechanism, which was first put to the test during the organization’s prior operation, known as “Operation Jackal.”

Scammers had $1,250,000M returned to them due to ARRP, an Irish firm that was the victim of the Business Email Compromise (BEC). This was the total sum that the business lost to the BEC fraudsters, who ARRP assisted in identifying and seizing.

Since the beginning of ARRP’s pilot testing phase in January 2022, the technology has assisted in the recovery of $120M in cybercriminal proceeds.

Suggested Read: Interpol Warns of the Rise in Romance Scams as Valentine’s Day Approaches

Recent Posts

Blog
Customer Risk Assessment - A Landmark Approach to Fight Identity Fraud
Identity theft is the most prominent cybercrime which has raised alarms for global law enforcement authorities. Masterminds behind these scams are targeting all digital platforms, including e-commerce, ride-hailing apps, social media, and online gambling, which has made users vulnerable to risks of financial losses. The severity of identity fraud increases as criminals use stolen data to take over users’ accounts, make fake bank accounts, and carry out illicit financial transactions. The results remain disastrous for the affected persons as they lose their earnings without knowing about it.

The issue’s intensity can be judged by the fact that in the US alone, 42 million citizens became victims of identity theft, costing $52 billion in total losses. While onboarding any digital platform, users are asked to input their confidential details, which are further exploited by fraudsters. In fact, the service provider must secure their users’ information, but most platforms have inadequate screening measures, which ultimately aids bad actors in abusing the system. In such a situation, customer risk assessment is the most feasible approach, which can help businesses identify their users by applying strict checks and verifying their origins.

Identity Theft – A Looming Threat for Digital Businesses

Since the COVID-19 pandemic, the concept of using remote services has picked up the pace, and users prefer to visit digital platforms instead of going to offices. A large number of banks have introduced mobile apps for all types of transactions which has further provided attractive opportunities for criminals to steal someone’s identity, take over their account and transfer money to somewhere else. The majority of service providers have incorporated stringent checks like biometric authentication, two-factor authentication, and many others, but crime is still prevalent and increasing every year. The screening system based on the principles of customer risk assessment could be the most appropriate solution for online businesses as it can track the complete history of the users.

Account takeover is one of the leading issues that is increasing due to identity theft. The criminals use the stolen details of customers to log in to their bank or e-commerce accounts, further carrying out financial transactions. During the pandemic, a huge surge of 307% was witnessed in account takeover cases. Even now, when the effects of COVID-19 have almost diminished, criminals are involved in fraudulent activities in the same way. The Financial Action Task Force (FATF), the leading global organization fighting money laundering, has also suggested that online businesses should go for customer risk screening which is quite an ideal verification process.

How Law Enforcement Authorities are Countering Cybercriminals

Law enforcement authorities across the globe are facing the challenge of identity theft, and with time, criminal cases are increasing. Recently, several cases of identity fraud have been witnessed where cases were registered against criminals. Although countering the bad actors involved in online scams is quite gruesome, implementing customer risk assessment techniques can serve the purpose.

Let’s have a look at some of the high-profile cases of identity fraud:

Gang Members Sentenced to 60 Months in Prison for Identity Theft

The US Department of Justice has sentenced gang members to 60 months in prison who were involved in several online scams, including identity theft and wire fraud. It has been established during the investigation that they had been carrying out fraudulent activities for more than a year and during this time, they managed to steal $300,000 from the users. Court has further mentioned that no group or individual in the US will be allowed to defraud the users through online scams.

Criminals Jailed Over Multi-Million Identity Fraud in Spain

Spanish Police have arrested a gang that was involved in providing fake identities and forged documents to customers. The investigation revealed that criminals were stealing users’ data from different online platforms and further selling it in the black market. Police have stated that it was a multi-million scam, and all the criminals have been sent to jail.

Fighting Identity Fraud Through Customer Risk Assessment

Customer risk assessment is a set of extreme measures which are generally used by businesses to verify the identities of their customers when some new professional relationship is formed. B2B companies are also using customer risk screening methods to authenticate the documents and identities of other businesses before making any contract with them. It is an ideal process for all digital service providers as it provides in-depth knowledge about the other party and makes a record of their information. Customer risk assessment is not only a feasible solution against identity theft but also a valuable tool to counter money laundering.

Although several identity verification services are efficient enough to counter criminals, customer risk assessment is more advanced and modern, providing the best verification options to digital businesses. It involves various security checks, including checking customers’ identity, background, area of origin, business, and criminal record. All these parameters have remained quite productive in countering cybercriminals and helped many organizations comply with global regulations.

How Customer Risk Assessment Screening is Carried Out

Customer risk assessment is a technical process that involves multiple security checks, and users have to pass all of them to avoid being reported to authorities. All these screening measures have been recommended by the FATF, and companies with customer risk assessment models are following them to comply with the global guidelines.

Here are some of the prominent risk factors:

Customer’s Identity

Customer risk screening verifies the true identities while making a thorough background check. Corrupt politicians and business tycoons usually get more chances of laundering money or carrying out other financial crimes, so the system should be efficient enough to track users’ history to get updated knowledge about their economic activities in the past.

Geography

There are few regions in the world that have weak AML and other cyber laws, which ultimately help criminals to carry out crimes without much trouble. FATF has placed a large number of countries on grey or black lists, which means that all such states are vulnerable to financial crimes. The customer risk assessment process verifies the origin of the users and determines how stronger AML regulations are there.

Industry/Business

Some businesses are notorious for corrupt practices, like gold, art & antiquities, and other luxury items. The customer risk screening method verifies the business of the users and makes a thorough investigation in case the customer is involved in some vulnerable business.

What Shufti Pro Offers?

Combating identity fraud is crucial for the digital sector and is the most appropriate time for companies to invest in screening measures. The customer risk assessment is an ideal solution for online service providers which will help them in countering financial criminals.

Shufti Pro is offering customer risk screening solutions which is the perfect solution for online businesses. It will not only help them in ensuring global regulatory compliance but will also secure their users’ identities. Shufti Pro’s Customer Risk Assessment (CRA) verifies the identities of users through the toughest parameters which will never let the criminals onboard the system. It is efficient enough to generate results in seconds with a ~99% accuracy.

Want to know more about customer risk assessment for digital businesses?

Talk to CRA Expert

Data of Half-Million Chicago Students Exposed in a Ransomware Attack

Identity Theft – A Looming Threat for Digital Businesses

How Law Enforcement Authorities are Countering Cybercriminals

Gang Members Sentenced to 60 Months in Prison for Identity Theft

Criminals Jailed Over Multi-Million Identity Fraud in Spain

Fighting Identity Fraud Through Customer Risk Assessment

How Customer Risk Assessment Screening is Carried Out

Customer’s Identity

Geography

Industry/Business

What Shufti Pro Offers?

Let’s prove your

customer’s identity

with Shuftipro.

Let’s prove your customer’s

identity with Shuftipro.