A major data breach at Chicago Public Schools (CPS) has potentially affected current and former students dating back to the 2017-18 school year. The breach occurred when a technology vendor, Cleo, which provides file transfer services for the district, had its server hacked. This unauthorized access exposed a wide range of personal details, including students’ names, birth dates, genders, and student IDs. In addition, students who were enrolled in Medicaid had their Medicaid ID numbers and eligibility dates compromised. However, CPS officials clarified that no Social Security numbers, financial details, or health data were accessed during the attack.
The scale of the breach is vast, affecting over 320,000 students across the district. CPS officials advised everyone impacted by the breach, both past and present students, to carefully monitor their credit reports for signs of any suspicious activity. Despite the extent of the breach, experts believe the stolen information may not lead to significant long-term harm. According to Bill Kresse, a fraud expert from Governors State University, the lack of sensitive financial or health data limits the overall risk.
Still, he acknowledged that the breach remains serious and could potentially be used for identity theft in the future.
Kresse explained that, although the breach did not involve sensitive information like Social Security numbers or health data, the stolen personal data could still be useful for fraudulent activities. He urged those affected to take preventative measures against identity theft. Kresse suggested that students who attended CPS since the 2017-18 school year should immediately freeze their credit with the major credit bureaus, Equifax, Experian, and TransUnion.
Freezing credit can prevent fraudsters from opening new accounts under a person’s name, offering an important layer of protection in the event of identity theft.
The expert emphasized that anyone whose data was involved in the breach should assume their personal information may be circulating on the dark web. Given the likelihood of stolen data being sold or traded, Kresse urged everyone to freeze their credit until they need to use it. This proactive step would ensure that fraudsters cannot access the affected individuals’ credit and open fraudulent accounts. While CPS is taking steps to address the breach, the damage from this massive data exposure may take years to fully assess, leaving students to remain vigilant and proactive in safeguarding their identities.
Reference:
