Baltimore Metropolis Public Faculties notified tens of hundreds of staff and college students of an information breach following an incident in February when unknown attackers hacked into its community.
Established in 1829, the general public college district supplies main and secondary schooling to 76,841 enrolled college students by way of 164 colleges and applications.
“On February 13, 2025, Baltimore Metropolis Public Faculties skilled a cybersecurity incident affecting sure IT programs inside our community. We promptly notified legislation enforcement, carried out an preliminary investigation, and took steps to substantiate the safety of our programs,” Metropolis Faculties stated in a Tuesday notification.
“Following a radical investigation with the steerage of legislation enforcement and exterior cybersecurity specialists, we’ve got confirmed that sure paperwork could have been compromised by prison actors, which contained info belonging to some present and former staff, volunteers, and contractors, in addition to recordsdata associated to lower than 1.5% of our scholar inhabitants.”
Regardless that the precise variety of college students affected by this breach wasn’t shared, based mostly on present scholar enrollment numbers, the attackers gained entry to delicate information belonging to roughly 1,150 college students, in accordance with the varsity district’s estimations. Moreover, the Maryland Workplace of the Legal professional Common confirmed to The Baltimore Solar that the breach impacts over 31,000 people.
In the course of the breach, the menace actors could have stolen folders, recordsdata, or information containing social safety numbers, driver’s license numbers, or passport numbers belonging to present and former staff, volunteers, and contractors. Information uncovered in the course of the incident may additionally have contained a mixture of scholar information, name logs, absenteeism information, or the maternity standing of at the moment enrolled college students.
Breach linked to Cloak ransomware
Whereas the varsity district did not hyperlink the assault to a particular menace group or cybercrime operation, a WBALTV report linked it to Cloak ransomware. This ransomware operation surfaced in late 2022 and has since claimed over 130 victims, most of them small—to medium-sized companies.
Baltimore Metropolis Public Faculties now supplies complimentary credit score monitoring providers to these affected and urges impacted people to evaluation private account statements and monitor credit score reviews to stop identification theft makes an attempt.
In November 2020, Baltimore County Public Faculties, a Maryland college district that manages all public colleges in Baltimore County, Maryland, additionally disclosed an information breach following a ransomware assault that pressured it to close down its community as a result of variety of impacted programs.
One yr earlier, in Could 2019, a RobbinHood ransomware assault encrypted authorities servers at Baltimore Metropolis Corridor. One other ransomware incident impacted Baltimore Metropolis’s emergency name system in March 2018, forcing the workers to change to guide operations to deal with all incoming emergency calls.
