A significant data breach at Chicago Public Schools (CPS) has exposed the personal information of hundreds of thousands of current and former students.
District officials confirmed the breach in a letter to parents, stating that while an investigation is underway, there’s no evidence of information misuse.
The breach, perpetrated by an unauthorized third party late last year, targeted a server owned by CPS technology vendor Cleo, a file transfer software provider.
The attack compromised data on this server, and CPS was notified of the data access on February 8th. The district was obligated to notify affected parties within 30 days, as mandated by the Student Online Personal Protection Act.
The compromised data included students’ names, dates of birth, gender, and student identification numbers. For students enrolled in Medicaid, the breach also exposed Medicaid identification numbers and eligibility dates.
However, officials emphasized that Social Security numbers, financial information, and health data were not affected. The FBI and the Illinois attorney general are currently investigating.
“CPS is deeply committed to the security of student information, and we expect the same level of care and commitment from our vendors,” said Norman Fleming, CPS chief information officer, in the letter to parents.
“Please know that the protection of your child’s personal information is a top priority, and we sincerely regret any concern or inconvenience that this matter may cause you.”
The district believes the breach affected all current and former students dating back to the 2017-18 school year. Staff data was not compromised. CPS will provide updates and resources on its website at cps.edu/databreach.
The incident highlights the critical need for robust data security measures, especially within educational institutions handling sensitive student information. Similar breaches, such as the recent Scott County breach also emphasize the widespread vulnerability of sensitive data.
For a deeper understanding of the evolving threat landscape, explore our comprehensive guide on Top Cyber Threats Facing Enterprise Businesses in 2025.
