Hackers expose information for 700,000 current and former Chicago students, district says

Photo: Students walk a hallway at Juarez High School on Thursday, June 9, 2022 in Chicago. CPS said Friday that student information was stolen and posted on the dark web. (Christian K. Lee for Chalkbeat)


In a ransomware attack last year, Russian hackers stole private information for more than 700,000 current and former Chicago Public Schools students and put it on the dark web, district officials said Friday.

According to the district, the hackers gained access to a server where a CPS technology vendor stores student data. Using a weakness in the vendor’s software that CPS uses to share data with other agencies, the hackers stole information from the district and more than 60 other organizations across the country.

Students’ names, dates of birth, genders, and Chicago Public Schools student ID numbers were stolen.

“While we are still investigating this incident, we believe that all current students, and all former students dating back to the 2017-2018 school year were impacted,” the district said in a statement.

For roughly half of the impacted students, or about 344,000 current and former students, Medicaid ID numbers and dates of program eligibility were included in the data breach.

The stolen student information was originally encrypted, which the district likened to the hackers stealing a locked briefcase but without the key. However, district officials confirmed Friday that the hackers were able to break that encryption, exposing students’ private information.

The dark web is a part of the internet inaccessible with search engines, where illegal activity often takes place. The district said it would write to families Friday afternoon to inform them about the breach.

The district said it was never contacted about paying ransom in return for the stolen data. A growing number of school districts in recent years have been victims of such data ransomware attacks, which have at times exposed sensitive student and employee information. Technology news site TechCrunch reported that the Russia-linked ransomware gang Clop stole the data from CPS and almost 60 other organizations, taking advantage of a bug in software tools from tech company Cleo.

The district said Friday it worked with the FBI, the Department of Homeland Security, the State of Illinois Department of Innovation and Technology and other agencies to investigate the incident. Officials stressed that the stolen data did not contain Social Security numbers or financial information.

The district said it does not have any evidence that any of the stolen information has been misused. More information and resources for families are at cps.edu/databreach.

Mila Koumpilova is Chalkbeat Chicago’s senior reporter covering Chicago Public Schools. Contact Mila at mkoumpilova@chalkbeat.org.
