A cyberattack on Cleo, a technology vendor for Chicago Public Schools (CPS), has compromised the personal data of current and former students. The breach occurred late last year when a server storing student information was attacked. CPS was notified of the breach on February 8.
The exposed data includes students’ names, birthdates, genders, and student ID numbers. Additionally, students enrolled in Medicaid had their program ID numbers and eligibility dates compromised. CPS officials confirmed that all current students and those who attended CPS since the 2017-2018 school year were likely affected.
“Importantly, no Social Security numbers, no financial information, and no health data were involved in this incident,” a CPS release read in part. “At this time, there is no evidence to suggest that any student data has been misused. No staff information was involved in this incident.”
However, no Social Security numbers, financial information, health data, or staff information were involved in the cyberattack.
To protect themselves, CPS advises affected individuals to request a free credit report and consider placing a fraud alert or security freeze with consumer reporting agencies.
“CPS is deeply committed to the security of student information, and we expect the same level of care and commitment from our vendors. As an organization, CPS takes proactive measures to limit exposure by continuously strengthening our defenses and including strong provisions in vendor contracts to ensure our data is protected. Through ongoing diligence and improvement, we will continue to adapt our security posture to reduce the risk of future breaches,” a statement from CPS Chief Information Officer Norman Fleming reads. “Please know that the protection of your child’s personal information is a top priority, and we sincerely regret any concern or inconvenience that this matter may cause you.”
