Chicago Public Schools

Hackers expose information for 700,000 current and former Chicago students, district says

By 
Mila Koumpilova
 | March 7, 2025, 9:23pm UTC
Four students with backpacks walk down a hallway with lockers on the left of them.
Students walk a hallway at Juarez High School on Thursday, June 9, 2022 in Chicago. CPS said Friday that student information was stolen and posted on the dark web. | Christian K. Lee for Chalkbeat (Christian K. Lee for Chalkbeat)

Sign up for Chalkbeat Chicago’s free daily newsletter to keep up with the latest news on Chicago Public Schools.

In a ransomware attack last year, Russian hackers stole private information for more than 700,000 current and former Chicago Public Schools students and put it on the dark web, district officials said Friday.

According to the district, the hackers gained access to a server where a CPS technology vendor stores student data. Using a weakness in the vendor’s software that CPS uses to share data with other agencies, the hackers stole information from the district and more than 60 other organizations across the country.

Students’ names, dates of birth, genders, and Chicago Public Schools student ID numbers were stolen.

“While we are still investigating this incident, we believe that all current students, and all former students dating back to the 2017-2018 school year were impacted,” the district said in a statement.

For roughly half of the impacted students, or about 344,000 current and former students, Medicaid ID numbers and dates of program eligibility were included in the data breach.

The stolen student information was originally encrypted, which the district likened to the hackers stealing a locked briefcase but without the key. However, district officials confirmed Friday that the hackers were able to break that encryption, exposing students’ private information.

The dark web is a part of the internet inaccessible with search engines, where illegal activity often takes place. The district said it would write to families Friday afternoon to inform them about the breach.

The district said it was never contacted about paying ransom in return for the stolen data. A growing number of school districts in recent years have been victims of such data ransomware attacks, which have at times exposed sensitive student and employee information. Technology news site TechCrunch reported that the Russia-linked ransomware gang Clop stole the data from CPS and almost 60 other organizations, taking advantage of a bug in software tools from tech company Cleo.

The district said Friday it worked with the FBI, the Department of Homeland Security, the State of Illinois Department of Innovation and Technology and other agencies to investigate the incident. Officials stressed that the stolen data did not contain Social Security numbers or financial information.

The district said it does not have any evidence that any of the stolen information has been misused. More information and resources for families are at cps.edu/databreach.

Mila Koumpilova is Chalkbeat Chicago’s senior reporter covering Chicago Public Schools. Contact Mila at mkoumpilova@chalkbeat.org.

The Latest
Credit recovery: This student explores if it's second chance to pass or fail?

Credit-recovery programs give students the chance to earn credits they need for the next grade or graduation. But do these second chances to pass give the system permission to fail?

By 
Jeremiah Dickerson, THE BELL
 | December 12
New data shows why Philly is looking to expand efforts that help keep 9th graders on track

Roughly 90% of high schoolers who weren’t on track to graduate by the end of 9th grade stayed off track in 10th grade, according to a November district analysis.

By 
Rebecca Redelmeier
and
Carly Sitrin
 | December 12
Slightly more than 30% Chicagoans aware city will have fully-elected school board by 2027

A survey of 1,361 Chicago adults, conducted by NORC at the University of Chicago, found lower awareness of the elected school board among younger people and those who identify as Black and Latino.

By 
Becky Vevea
 | December 12
Attorneys argue over school safety and mental health funding mandate in Michigan court

Dozens of school districts filed a lawsuit against the state challenging conditions placed on receiving school safety and mental health funding.

By 
Lori Higgins
 | December 12
Philadelphia’s school board will look into transferring some vacant schools to the city

Mayor Cherelle Parker has publicly said she wants to use vacant buildings for housing. The school board approved a resolution saying it will look into it.

By 
Carly Sitrin
 | December 11
Failed ramps, cost overruns, years of delays: School construction projects infuriate NYC parents

NYC’s School Construction Authority faces widespread criticism from parents and educators over chronic delays, shoddy work, and cost overruns on critical school renovation projects.

By 
Ananya Chetia
 | December 11