Cyber Incident Victim: Chicago Public Schools

Date: Nov 2025

Location: United States of America

Summary

Chicago Public Schools announced that a vendor's server was hacked, exposing personal information for current and former students. The breach involved names, dates of birth, gender, and student ID numbers, and for Medicaid-enrolled students also Medicaid IDs and program eligibility dates, while Social Security numbers, financial information, and health data were not accessed. The district said more than 320,000 students could be impacted.

Description

On Friday, March 1, 2025, Chicago Public Schools announced a data breach affecting current and former students dating back to the 2017-18 school year. The breach originated from a hack of a vendor's server; the vendor, Cleo, provides file transfer software used by the district. The intrusion occurred late in the previous year, according to CPS officials. The compromised data included students' names, dates of birth, gender, and CPS student identification numbers. For those students who were enrolled in Medicaid, their Medicaid identification numbers and the dates of program eligibility were also exposed. Officials confirmed that no Social Security numbers, financial information, or health data were accessed in the incident.

With more than 320,000 students currently enrolled in Chicago Public Schools, the potential number of individuals affected is large. The breach encompasses all current and former students whose records span the 2017-18 through the most recent school years. CPS officials stated that the exposed information does not include the most sensitive identifiers typically used for financial fraud. The district communicated the breach to the public through a press release and notified affected individuals via the channels outlined in their announcement. The incident prompted an internal review of the vendor relationship and the security controls surrounding the file transfer system.

The breach was discovered after the vendor's server showed signs of unauthorized access, leading to the investigation that confirmed the data exposure. CPS emphasized that the breach was limited to the specific data elements described and did not extend to other district systems. The announcement highlighted the timeframe of the affected records and the types of data involved, providing clarity on what information may have been compromised. The district continues to monitor the situation and work with law enforcement and the vendor to address the security lapse.
