Mila Koumpilova reports an update to the Clop attack on entities using the Cleo file transfer software.
In a ransomware attack last year, Russian hackers stole private information for more than 700,000 current and former Chicago Public Schools students and put it on the dark web, district officials said Friday.
According to the district, the hackers gained access to a server where a CPS technology vendor stores student data. Using a weakness in the vendor’s software that CPS uses to share data with other agencies, the hackers stole information from the district and more than 60 other organizations across the country.
Students’ names, dates of birth, genders, and Chicago Public Schools student ID numbers were stolen.
“While we are still investigating this incident, we believe that all current students, and all former students dating back to the 2017-2018 school year were impacted,” the district said in a statement.
For roughly half of the impacted students, or about 344,000 current and former students, Medicaid ID numbers and dates of program eligibility were included in the data breach.
The stolen student information was originally encrypted, which the district likened to the hackers stealing a locked briefcase but without the key. However, district officials confirmed Friday that the hackers were able to break that encryption, exposing students’ private information.
Read more at Chalkbeat.
h/t, @DougLevin