Recently disclosed by Chicago Public Schools, a cyber-attack on their technology vendor, Cleo, has led to the unauthorized exposure of personal information belonging to approximately 700,000 students. The breach, which affects both current and former students dating back to the 2017-18 school year, has drawn the attention of law enforcement authorities, including the FBI and the Illinois attorney general’s office. According to a statement obtained by the Chicago Sun-Times, “At this time, there is no evidence to suggest that any student data has been misused.”
Among the compromised details were student names, dates of birth, genders, and CPS student ID numbers. Exposed by the data breach, Cleo—a platform that facilitates file transfers—was also housing Medicaid ID numbers and eligibility dates for students enrolled in the federal program. In a statement released by CPS, accessed by the WGN-TV, “no Social Security numbers, no financial information, no staff information and no health data were involved in the data breach.” Critical assurances have been communicated to families that no misuse of data has been reported as of yet.
With a pledge toward transparency and security of student data, CPS has been actively informing affected families and working with law enforcement to comprehend the full scope of the security incident. They have reiterated their dedication to student privacy, asserting a stringent expectation of their vendors to match the district’s commitment to protecting sensitive information…