Massive data breach for Chicago Public Schools
Yesterday, the Chicago Public School (CPS) district disclosed that a December 1st ransomware attack on Battelle for Kids exposed the stored data of 495,448 students and 56,138 employees in its school system.
According to a CPS, the school system partners with Battelle for Kids to upload student course information and assessment data for teacher evaluations.
CPS says that the data stored on Battelle for Kids' servers was for school years 2015 through 2019 and exposed students' personal information and assessment scores.
"Specifically, an unauthorized party gained access to your child’s name, date of birth, gender, grade level, school, Chicago Public Schools student ID number, State Student ID number, information about the courses your student took, and scores from performance tasks used for teacher evaluations during school years 2015-2016, 2016-2017, 2017-2018 and/or 2018-2019," explains the CPS
student data breach notification.
For staff, the threat actors potentially accessed their name, school, employee ID number, CPS email address, and Battelle for Kids username during school years 2015-2016, 2016-2017, 2017-2018 and/or 2018-2019.
CPS says that no Social Security Numbers, home addresses, health data, or financial information was exposed in the attack.
CPS is providing free credit monitoring, and identity theft protection to any students or staff members impacted. Instructions on how to access this free credit reporting can be found on the
CPS data breach page created by the school system.