Recently disclosed by Chicago Public Schools, a cyber-attack on their technology vendor, Cleo, has led to the unauthorized exposure of personal information belonging to approximately 700,000 students. The breach, which affects both current and former students dating back to the 2017-18 school year, has drawn the attention of law enforcement authorities, including the FBI and the Illinois attorney general's office. According to a statement obtained by the Chicago Sun-Times, "At this time, there is no evidence to suggest that any student data has been misused."
Among the compromised details were student names, dates of birth, genders, and CPS student ID numbers. Exposed by the data breach, Cleo—a platform that facilitates file transfers—was also housing Medicaid ID numbers and eligibility dates for students enrolled in the federal program. In a statement released by CPS, accessed by the WGN-TV, "no Social Security numbers, no financial information, no staff information and no health data were involved in the data breach." Critical assurances have been communicated to families that no misuse of data has been reported as of yet.
With a pledge toward transparency and security of student data, CPS has been actively informing affected families and working with law enforcement to comprehend the full scope of the security incident. They have reiterated their dedication to student privacy, asserting a stringent expectation of their vendors to match the district's commitment to protecting sensitive information.
Following the breach, CPS has emphasized their proactive approach to cybersecurity in their official communications. They stated, "CPS is deeply committed to the security of student information, and we expect the same level of care and commitment from our vendors." The district is pursuing the continuous strengthening of their digital defenses and implementing robust provisions in vendor contracts to safeguard data more effectively. As noted by CPS and reported by the Chicago Sun-Times, "Through ongoing diligence and improvement, we will continue to adapt our security posture to reduce the risk of future breaches."
In the wake of the breach, CPS has reached out to families to convey their regret for any concern this incident may have caused, and they've assured parents and guardians that protecting their children's personal information remains a top priority. The response from CPS continues to unfold as investigations proceed and measures are taken to reinforce their cybersecurity framework.
