HQ/EMEAFind out how we can help your business
Baltimore City Public Schools disclosed a data breach incident earlier this year. This academic institution contacted tens of thousands of employees and students to inform them about the unfortunate event in February.
Moreover, the entity explained that it confirmed the incident after it observed unauthorised individuals infiltrating its network.
This school district, founded in 1829, offers primary and secondary education to at least 76,000 students across 164 schools and programs.
The Baltimore City Public Schools encountered a cybersecurity incident that affected some IT systems on February 13, 2025.
As stated in a notification last week, the Baltimore City Public Schools promptly notified law enforcement, initiated a preliminary investigation, and took steps to ensure the security of its systems.
An extensive investigation with law enforcement and external cybersecurity specialists has determined that malicious actors may have compromised certain documents.
These documents contained information about some current and former employees, volunteers, and contractors and files related to less than 1.5% of the student body.
Though the exact number of affected students has not been revealed, estimations suggest that the attackers accessed sensitive information belonging to about 1,150 students based on current enrollment figures.
Additionally, the Maryland Office of the Attorney General informed The Baltimore Sun that the breach has impacted at least 31,000 individuals.
On the other hand, during the breach, the threat actors may have obtained folders, files, or records storing social security numbers, driver’s license numbers, or passport numbers from current and former employees, volunteers, and contractors.
The exposed files may also have included a mix of student data, call logs, absenteeism records, or maternity statuses of enrolled students.
While the school district has not attributed the attack to a specific threat group or cybercrime operation, a report has linked it to Cloak ransomware. This group emerged in late 2022 and has since compromised over 130 victims, primarily small to medium-sized businesses.
Baltimore City Public Schools offers free credit monitoring services to affected parties and encourages them to scrutinise personal account statements and monitor credit reports to guard against other malicious activities that the data breach could produce, like identity theft.
