CPS data breach: Cyberattack exposed personal information of current, former students

CHICAGO - A cyberattack on a Chicago Public Schools (CPS) technology vendor exposed personal data of current and former students, including names, birthdates, and student ID numbers, officials said.

CPS Data Breach

What we know:

Late last year, Cleo, a CPS technology vendor, was attacked, compromising a server that stored student data. 

On Feb. 8, CPS was notified that student data had been accessed in the breach.

The exposed data included students' names, birthdates, genders, and student ID numbers. For students enrolled in Medicaid, their program ID numbers and eligibility dates were also compromised, according to CPS.

CPS said all current students and former students dating back to the 2017-2018 school year were likely affected. No Social Security numbers, financial details, health data, or staff information were involved.

No Social Security numbers, financial information or health data were involved in the cyberattack. No staff information was accessed either. 

What you can do:

CPS encourages victims to request a free credit report and consider placing a fraud alert or security freeze with consumer reporting agencies.

"CPS is deeply committed to the security of student information, and we expect the same level of care and commitment from our vendors. As an organization, CPS takes proactive measures to limit exposure by continuously strengthening our defenses and including strong provisions in vendor contracts to ensure our data is protected. Through ongoing diligence and improvement, we will continue to adapt our security posture to reduce the risk of future breaches," a statement from CPS Chief Information Officer Norman Fleming reads. "Please know that the protection of your child’s personal information is a top priority, and we sincerely regret any concern or inconvenience that this matter may cause you." 

We'll bring more updates to this story as they become available.