Cyber Incident Victim: Chicago Public Schools
Date:
Oct 2025
Location:
United States of America
Summary
Chicago Public Schools announced that a breach of its file transfer vendor Cleo exposed personal information of current and former students over several years. The compromised data included names, dates of birth, gender, and district student ID numbers, with Medicaid IDs and eligibility dates also exposed for students enrolled in the program. Officials confirmed that Social Security numbers, financial details, and health records were not accessed. With over 320,000 students enrolled, the incident affects a large portion of the district’s population.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On March 1, 2025, CBS Chicago reported that Chicago Public Schools announced a massive data breach affecting current and former students from the 2017-18 school year onward. The breach originated from a hack of a vendor's server; the vendor, Cleo, provides file transfer software used by the district. The intrusion occurred late in the previous year (2024). Upon discovery, CPS officials disclosed that the compromised data included students' names, dates of birth, gender, and Chicago Public Schools student identification numbers. For students who were enrolled in Medicaid, their Medicaid identification numbers and dates of program eligibility were also exposed.
CPS emphasized that no Social Security numbers, financial information, or health data were accessed in the incident. The district's enrollment exceeds 320,000 students, indicating a potentially large number of individuals whose information may have been compromised. The breach was described as affecting all current and former students who attended the district over the past eight years. Officials noted that the exposed information, while sensitive, did not include the most critical identifiers often used for financial fraud.
In response to the breach, Chicago Public Schools advised all affected current and past students to check their credit reports as a precautionary measure. The announcement highlighted the need for vigilance given that the stolen data could be aggregated with other information by malicious actors. No further details about attacker identity, specific remediation steps taken by Cleo, or legal actions were provided in the source material.