A ransomware attack on Baltimore City Public Schools (BCPS) in February 2025 has resulted in the exposure of sensitive data belonging to thousands of students, teachers, and staff. The breach, confirmed by school officials this week, has affected approximately 25,000 individuals, including over 7,000 current teachers and 1,150 students.
February Cyberattack Targeted School System IT Infrastructure
On April 23, BCPS published a breach notification revealing that a cybersecurity incident on February 13 had compromised parts of its IT environment. While the district did not disclose full technical details in the statement, a spokesperson later confirmed the attack was ransomware-related.
The district stated:
“Certain documents may have been compromised by criminal actors, which contained information belonging to some current and former employees, volunteers, and contractors.”
While no ransom was paid, it appears that threat actors were successful in exfiltrating data.
Data Affected Includes Personal Records and Student Information
The stolen data likely includes:
- Social Security numbers, driver’s license, and passport numbers of employees, volunteers, and contractors
- Files from the I-9 employment verification process
- Background check data
- Student call logs, absenteeism records, and maternity status information
The breach impacted 1.5% of BCPS students, which translates to more than 1,150 students based on current enrollment figures.
Ransom Note Possibly Linked to Cloak Ransomware Group
Local media outlet WBALTV reported the discovery of a ransom note that may be tied to the Cloak ransomware gang, though no group has officially taken credit. The CEO of BCPS, Sonja Santelises, stated that 55% of the school’s employees were affected, including herself.
Officials confirmed:
“Anyone who has ever been employed by the district since 2010” may be part of the impacted group.
Response Measures and Remediation Efforts Underway
In response to the breach, BCPS notified law enforcement and engaged external cybersecurity firms to assist with the investigation and recovery process. The district has also begun sending breach notification letters to individuals whose data may have been exposed.
To support affected individuals, BCPS is offering two years of credit monitoring services. A dedicated call center has been set up to handle inquiries related to the incident.
As part of its remediation strategy, the district has deployed endpoint detection and response (EDR) solutions across its systems. In addition, all user passwords have been reset to enhance security and prevent further unauthorized access.
A BCPS spokesperson stated:
“We completed our investigation yesterday and notified those impacted and the community today.”
The district also confirmed that the attack did not significantly disrupt school operations.
History of Cyberattacks and Rising Threats in K–12 Sector
Baltimore City’s educational and government systems have faced repeated cyberattacks in recent years:
- A 2020 cyberattack on BCPS cost over $10 million in damages and upgrades
- A 2019 ransomware attack disrupted Baltimore’s city government operations
So far in 2025, cybersecurity researchers have tracked at least 75 ransomware attacks on K–12 schools and colleges, marking one of the highest volumes on record for the education sector.
