Chicago Public Schools alerts families to data breach exposing student information

CHICAGO – Chicago Public Schools issued a warning to families Friday about a data breach impacting several students over the past several years.

CPS said a file transfer software called Cleo, a CPS technology vendor, was hacked. The server attacked was one that was used to store data about current and former CPS students.

“Specifically, an unauthorized party gained access to students’ names, date of birth, gender, and Chicago Public Schools student ID number,” the school district said. “For students who are enrolled in the federal Medicaid program, students’ Medicaid ID number and dates of program eligibility were also exposed.”

CPS officials believe all current students and all former students dating back to the 2017-18 school year were impacted.

Officials also stressed no Social Security numbers, no financial information, no staff information and no health data were involved in the data breach.

CPS issued the following statement on the breach:

“CPS is deeply committed to the security of student information, and we expect the same level of care and commitment from our vendors. As an organization, CPS takes proactive measures to limit exposure by continuously strengthening our defenses and including strong provisions in vendor contracts to ensure our data is protected. Through ongoing diligence and improvement, we will continue to adapt our security posture to reduce the risk of future breaches.

“Please know that the protection of your child’s personal information is a top priority, and we sincerely regret any concern or inconvenience that this matter may cause you.”