Nader Issa and Lauren FitzPatrick report:
A massive data breach has exposed four years’ worth of records of almost 500,000 Chicago Public Schools students and nearly 60,000 employees, district officials told principals Friday.
The attack targeted a company that has a no-bid contract with the district for teacher evaluations and involved basic student and staff information, with no financial records or social security numbers stolen, according to CPS.
The teacher evaluation vendor, called Battelle for Kids, was targeted in a ransomware attack on Dec. 1 of last year, the district said.
Read more at Chicago Sun-Times.
Related: CPS Notification Page. The notification explains, in relevant part:
Specifically, an unauthorized party gained access to your name, school, employee ID number, CPS email address and Battelle for Kids username during school years 2015-2016, 2016-2017, 2017-2018 and/or 2018-2019. In addition, for educators, course and schedule information and student scores on performance tasks used for teacher evaluations during the aforementioned school years were also inappropriately accessed. The server did not store any other information about you. No Social Security numbers, no home addresses, no financial information, no health data, no current course or schedule information, and no evaluation scores were
involved in this incident.
h/t, @BrettCallow