Chicago Public Schools report data breach exposing student data

Chicago Public Schools (CPS) is reporting a ransomware attack which exposed private information of more than 700,000 current and former students.

The attack targeted a server maintained by a CPS technology vendor that stores student data. The hackers exploited a vulnerability in the vendor's software that CPS uses to share information with other agencies. This security breach affected not only Chicago Public Schools but also more than 60 other organizations across the United States.

The compromised student information includes:

• Names
• Dates of birth
• Genders
• Chicago Public Schools student ID numbers

For approximately 344,000 students (roughly half of those affected), additional sensitive information was exposed:

• Medicaid ID numbers
• Dates of program eligibility

The stolen data was subsequently published on the dark web, The breach impacts "all current students, and all former students dating back to the 2017-2018 school year," according to the district statement. This represents approximately 700,000 individuals whose data was compromised.

The district has collaborated with multiple agencies to investigate the incident, including the FBI and Department of Homeland Security

CPS will notify affected families via letter and has published resources for affected individuals at cps.edu/databreach.