This story was initially printed by Chalkbeat. Join Chalkbeat Chicago’s free day by day publication to maintain up with the most recent information on Chicago Public Faculties.
CHICAGO — In a ransomware assault final 12 months, Russian hackers stole non-public info for greater than 700,000 present and former Chicago Public Faculties college students and put it on the darkish internet, district officers stated Friday.
In keeping with the district, the hackers gained entry to a server the place a CPS know-how vendor shops pupil information. Utilizing a weak point within the vendor’s software program that CPS makes use of to share information with different businesses, the hackers stole info from the district and greater than 60 different organizations throughout the nation.
College students’ names, dates of delivery, genders, and Chicago Public Faculties pupil ID numbers have been stolen.
“Whereas we’re nonetheless investigating this incident, we imagine that every one present college students, and all former college students courting again to the 2017-2018 college 12 months have been impacted,” the district stated in a press release.
For roughly half of the impacted college students, or about 344,000 present and former college students, Medicaid ID numbers and dates of program eligibility have been included within the information breach.
The stolen pupil info was initially encrypted, which the district likened to the hackers stealing a locked briefcase however with out the important thing. Nonetheless, district officers confirmed Friday that the hackers have been capable of break that encryption, exposing college students’ non-public info.
The darkish internet is part of the web inaccessible with search engines like google, the place criminality typically takes place. The district stated it will write to households Friday afternoon to tell them in regards to the breach.
The district stated it was by no means contacted about paying ransom in return for the stolen information. A rising variety of college districts lately have been victims of such information ransomware assaults, which have at instances uncovered delicate pupil and worker info. Know-how information website TechCrunch reported that the Russia-linked ransomware gang Clop stole the information from CPS and nearly 60 different organizations, benefiting from a bug in software program instruments from tech firm Cleo.
The district stated Friday it labored with the FBI, the Division of Homeland Safety, the State of Illinois Division of Innovation and Know-how and different businesses to analyze the incident. Officers burdened that the stolen information didn’t comprise Social Safety numbers or monetary info.
The district stated it doesn’t have any proof that any of the stolen info has been misused. Extra info and assets for households are at cps.edu/databreach.
Mila Koumpilova is Chalkbeat Chicago’s senior reporter overlaying Chicago Public Faculties. Contact Mila at mkoumpilova@chalkbeat.org.
Chalkbeat is a nonprofit information website overlaying academic change in public colleges.
https://www.chalkbeat.org/chicago/2025/03/07/cps-student-data-exposed-in-hacker-attack
