Chicago Public Schools data breach blamed on ransomware attack on supplier

Chicago Public Schools (CPS) has warned parents that the personal records of more than 495,000 children may have been exposed as the result of a ransomware attack on a third-party supplier.

The cyber-attack against Battelle for Kids, an Ohio-based non-profit with a mission to modernize school systems, also exposed an estimated 56,138 staff records.

Encrypted data

Cybercriminals deploying ransomware routinely take copies of databases or other data prior to encrypting them and demand ransom in exchange for a decryption key. Alternatively, attackers can threaten victims that, unless they pay up, stolen data is likely to be dumped online.

In the CPS case, cybercriminals hacked into a server that stored student course information and assessment data that is used for teacher evaluations.

Attackers gained access to 495,448 student records that included names, dates of birth, genders, grade levels, courses taken, and more. Data collected between 2015 and 2019 was potentially exposed.

Compromised staff records included names, schools, work email addresses, courses taught, and more.

The compromised systems did not host social security numbers, financial information, health data or home addresses. This limits the potential impact of the breach, although the exposed details could still be used to craft unusually convincing phishing messages.

CPS published an advisory on the breach last Friday. It has promised to contact affected families and staff individually and offered victims free access to credit monitoring and identity theft protection.

Battelle Royale

The breach of Battelle for Kids took place on December 1, 2021, but the supplier only notified CPS of the problem on April 26, following confirmation of the breach by an independent forensics investigator and a police investigation.

The delay in notifying affected customers about the breach has provoked some criticism on social media.

The Daily Swig asked Battelle for Kids to comment on this criticism as well as the circumstances that led to the breach, what ransomware was involved, and what interaction (if any) it had with the cybercriminals behind the attack.

We also asked which, if any, organizations beyond CPS were affected by the breach. No word back as yet, but we’ll update this story as and when more information comes to hand.

Source: https://portswigger.net/daily-swig/chicago-public-schools-data-breach-blamed-on-ransomware-attack-on-supplier
