Chicago Public Schools (CPS) has warned parents that the personal records of more than 495,000 children may have been exposed as the result of a ransomware attack on a third-party supplier.


The cyber-attack against Battelle for Kids, an Ohio-based non-profit with a mission to modernize school systems, also exposed an estimated 56,138 staff records.


Encrypted data


Cybercriminals deploying ransomware routinely take copies of databases or other data prior to encrypting them and demand ransom in exchange for a decryption key. Alternatively, attackers can threaten victims that, unless they pay up, stolen data is likely to be dumped online.


In the CPS case, cybercriminals hacked into a server that stored student course information and assessment data that is used for teacher evaluations.


Attackers gained access to 495,448 student records that included names, dates of birth, genders, grade levels, courses taken, and more. Data collected between 2015 and 2019 were potentially exposed.