Join Chalkbeat Chicago’s free every day publication to maintain up with the most recent information on Chicago Public Colleges.
In a ransomware assault final 12 months, Russian hackers stole non-public data for greater than 700,000 present and former Chicago Public Colleges college students and put it on the darkish net, district officers stated Friday.
In response to the district, the hackers gained entry to a server the place a CPS expertise vendor shops pupil knowledge. Utilizing a weak spot within the vendor’s software program that CPS makes use of to share knowledge with different companies, the hackers stole data from the district and greater than 60 different organizations throughout the nation.
College students’ names, dates of start, genders, and Chicago Public Colleges pupil ID numbers had been stolen.
“Whereas we’re nonetheless investigating this incident, we imagine that each one present college students, and all former college students courting again to the 2017-2018 college 12 months had been impacted,” the district stated in an announcement.
For roughly half of the impacted college students, or about 344,000 present and former college students, Medicaid ID numbers and dates of program eligibility had been included within the knowledge breach.
The stolen pupil data was initially encrypted, which the district likened to the hackers stealing a locked briefcase however with out the important thing. Nonetheless, district officers confirmed Friday that the hackers had been capable of break that encryption, exposing college students’ non-public data.
The darkish net is part of the web inaccessible with engines like google, the place criminality usually takes place. The district stated it will write to households Friday afternoon to tell them concerning the breach.
The district stated it was by no means contacted about paying ransom in return for the stolen knowledge. A rising variety of college districts in recent times have been victims of such knowledge ransomware assaults, which have at instances uncovered delicate pupil and worker data. Know-how information web site TechCrunch reported that the Russia-linked ransomware gang Clop stole the info from CPS and nearly 60 different organizations, benefiting from a bug in software program instruments from tech firm Cleo.
The district stated Friday it labored with the FBI, the Division of Homeland Safety, the State of Illinois Division of Innovation and Know-how and different companies to analyze the incident. Officers burdened that the stolen knowledge didn’t include Social Safety numbers or monetary data.
The district stated it doesn’t have any proof that any of the stolen data has been misused. Extra data and assets for households are at cps.edu/databreach.
Mila Koumpilova is Chalkbeat Chicago’s senior reporter overlaying Chicago Public Colleges. Contact Mila at [email protected].
