Ransomware Attack Exposes Data of 500,000 Chicago Students and Staff

The gang responsible for the attack, which happened in December, is still it large.
Isobel O'Sullivan

Chicago Public School (CPS) has just disclosed that 495,000 students and 56,000 members of staff have had their data exposed in a ransomware attack.

The records were compromised after Battelle for Kids, a not-for-profit organization that handles student data, was targeted on December 1st last year. Names, dates of birth, and grades are just some examples of the leaked information.

News of this breach comes just weeks after the 157-year-old Lincoln colleague was forced to close its doors in response to a similar cyberattack. As ransomware attacks against both public and private institutions continue to surge across the US, conducting best cybersecurity practices has never been so important.

Massive Data Breach Impacts Chicago Public Schools

Yesterday, the CPS announced the details of a cyberattack that exposed the personal information of almost half a million students in its school system.

The ransomware attack was launched against Battelle for Kids, a not-for-profit technology organization that handles course information and assessment data for teacher evaluations. The breach exposed personal information of children and teachers that were attending public schools in Chicago from the years 2015 to 2019.

“In December 2021, Battelle for Kids was the victim of a cybersecurity ransomware attack. We immediately engaged a national cybersecurity firm to assess the scope of the incident and took steps to mitigate the potential impact.” – Statament by Battelle for Kids

Those affected by the breach has now been notified, and they will also be eligible to receive free identity theft protection and credit motoring from the CPS.

What Information was Obtained?

According to Chicago Public Schools, the unauthorized party gained access to full names, dates of birth, genders, grade levels, schools, Chicago Public Schools student ID numbers, State Student ID numbers, and course information.

The body explains that no home addresses, Social Security Numbers, or health and financial information were exposed during the attack.

Ransomware Gang Still at Large

Details of the crime have been reported to the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS). However, authorities are still yet to find who is behind the attack.

Typically, when targets of ransomware attacks refuse to make payments, extortion groups publically broadcast the stolen data. Since there has been no recent announcement from ransomware groups, it's possible that Battelle for Kids has paid the ransom to keep the information from entering the public domain.

How To Avoid Becoming a Ransomware Statistic

The scale of Battelle for Kids' data breach is huge. Yet, as cybercrime appears to be entering a new era, the attack is not unique. Just in the last month, a number of other educational facilities have been on the receiving end of vicious cyberattacks.

This includes ransomware attacks levied against North Carolina A&T State University in Greensboro, North Carolina, and Florida International University. The group BlackCat, also known as ALPHV, has since taken responsibility for both infractions.

The discovery of the Battle for Kid's hack also follows Lincoln College closing its doors after 157 years, after being subjected to malicious ransomware.

But these online threats aren't just confined to the education sector. Ransomware attacks across the US have grown 67.5% year on year, according to a recent report by SonicWall. What's more, the majority of these attacks are leveraged against small-to-medium-sized businesses because they're assumed to have weaker end-point security.

To avoid meeting the same fate as countless other companies, here are some effective ways to prevent, and limit the impact, of cyber attacks:

  • Use antivirus software and make sure it is regularly updated
  • Back up your data regularly
  • Educate your workforce about the best cybersecurity practices
  • Set up a firewall to protect your companies resources
  • Use password managers, and change passwords regularly
  • If attacked with ransomware, follow FBI advice and avoid paying the ransom – there is no guarantee this will allow you to retrieve your data
This article was last updated on:
Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Isobel is a writer at Tech.co with a wealth of experience covering business and technology news. Since specializing in Digital Anthropology at University College London (UCL), she’s been a regular contributor to Market Finance’s blog and has also spent time working as a freelance tech researcher. As a writer, Isobel takes a particular interest in issues regarding data security, social media, and emerging business technology.

Explore More See all news
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals