Over 30,000 individuals impacted in Baltimore City Public Schools data breach

Baltimore City Public Schools said a data security incident it suffered earlier this year compromised the sensitive personal information of more than 30,000 individuals.

 

Established in 1829, Baltimore City Public Schools is the public school district serving the city of Baltimore, Maryland. With a mission to provide quality education for all students, the school district operates 153 schools, along with administrative, modular, and portable buildings.

 

In a data security incident notice published on its website, BCPS said that on February 13, it experienced a cyber security incident that affected its internal network. The school district immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected systems and notified relevant law enforcement authorities about the incident.

 

“Following a thorough investigation with the guidance of law enforcement and external cybersecurity experts, we have confirmed that certain documents may have been compromised by criminal actors, which contained information belonging to some current and former employees, volunteers, and contractors, as well as files related to less than 1.5% of our student population,” BCPS said.

 

The compromised data included names, social security numbers, driver’s license numbers, passport numbers, student data, call logs, absenteeism records, maternity status and more. 

 

While the school district did not share the number of affected individuals in its notice, the Maryland Office of the Attorney General confirmed to The Baltimore Sun that more than 31,000 individuals were affected as a result of the incident.

 

BCPS has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered complimentary identity protection and credit monitoring services to all affected individuals.

 

 

In March, the Cloak ransomware group claimed responsibility for the cyber attack on BCPS and listed it as a victim on its data leak site. The school district did not share how much data was compromised, or whether it has received a ransom demand.