Baltimore Metropolis Public Faculties notified tens of 1000’s of staff and college students of an information breach following an incident in February when unknown attackers hacked into its community.
Established in 1829, the general public faculty district supplies major and secondary training to 76,841 enrolled college students via 164 faculties and applications.
“On February 13, 2025, Baltimore Metropolis Public Faculties skilled a cybersecurity incident affecting sure IT methods inside our community. We promptly notified legislation enforcement, performed an preliminary investigation, and took steps to substantiate the safety of our methods,” Metropolis Faculties stated in a Tuesday notification.
“Following a radical investigation with the steering of legislation enforcement and exterior cybersecurity consultants, we have now confirmed that sure paperwork could have been compromised by legal actors, which contained info belonging to some present and former staff, volunteers, and contractors, in addition to recordsdata associated to lower than 1.5% of our pupil inhabitants.”
Regardless that the precise variety of college students affected by this breach wasn’t shared, based mostly on present pupil enrollment numbers, the attackers gained entry to delicate knowledge belonging to roughly 1,150 college students, based on the college district’s estimations. Moreover, the Maryland Workplace of the Lawyer Normal confirmed to The Baltimore Solar that the breach impacts over 31,000 people.
Through the breach, the risk actors could have stolen folders, recordsdata, or data containing social safety numbers, driver’s license numbers, or passport numbers belonging to present and former staff, volunteers, and contractors. Recordsdata uncovered through the incident can also have contained a mix of pupil knowledge, name logs, absenteeism data, or the maternity standing of at the moment enrolled college students.
Breach linked to Cloak ransomware
Whereas the college district did not hyperlink the assault to a selected risk group or cybercrime operation, a WBALTV report linked it to Cloak ransomware. This ransomware operation surfaced in late 2022 and has since claimed over 130 victims, most of them small—to medium-sized companies.
Baltimore Metropolis Public Faculties now supplies complimentary credit score monitoring companies to these affected and urges impacted people to evaluate private account statements and monitor credit score reviews to forestall id theft makes an attempt.
In November 2020, Baltimore County Public Faculties, a Maryland faculty district that manages all public faculties in Baltimore County, Maryland, additionally disclosed an information breach following a ransomware assault that compelled it to close down its community as a result of variety of impacted methods.
One 12 months earlier, in Could 2019, a RobbinHood ransomware assault encrypted authorities servers at Baltimore Metropolis Corridor. One other ransomware incident impacted Baltimore Metropolis’s emergency name system in March 2018, forcing the workers to modify to guide operations to deal with all incoming emergency calls.
