Cybercrooks compromised server containing student course information and assessment data
Chicago Public Schools (CPS) has warned parents that the personal records of more than 495,000 children may have been exposed as the result of a ransomware attack on a third-party supplier.
The cyber-attack against Battelle for Kids, an Ohio-based non-profit with a mission to modernize school systems, also exposed an estimated 56,138 staff records.
Cybercriminals deploying ransomware routinely take copies of databases or other data prior to encrypting them and demand ransom in exchange for a decryption key. Alternatively, attackers can threaten victims that, unless they pay up, stolen data is likely to be dumped online.
In the CPS case, cybercriminals hacked into a server that stored student course information and assessment data that is used for teacher evaluations.
Attackers gained access to 495,448 student records that included names, dates of birth, genders, grade levels, courses taken, and more. Data collected between 2015 and 2019 was potentially exposed.
Compromised staff records included names, schools, work email addresses, courses taught, and more.
The compromised systems did not host social security numbers, financial information, health data or home addresses. The absence of this data limits the potential impact of the breach, although the exposed records could still be used to make phishing messages more convincing than usual.
CPS published an advisory on the breach last Friday. It has promised to contact affected families and staff individually and offered victims free access to credit monitoring and identity theft protection.
The breach of Battelle for Kids took place on December 1, 2021, but the supplier only notified CPS of the problem on April 26, following confirmation of the breach by an independent forensics investigator and a police investigation.
The delay in notifying affected customers about the breach has provoked some criticism on social media. The Daily Swig asked Battelle for Kids to comment on this criticism as well as the circumstances that led to the breach, what ransomware was involved, and what interaction (if any) it had with the cybercriminals behind the attack.
We also asked which, if any, organizations beyond CPS were affected by the breach. No word back as yet, but we’ll update this story as and when more information comes to hand.