A technology vendor for Chicago Public Schools was the victim of a cyberattack late last year on a server used to store current and former student data, according to a CPS letter to family and staff.
The targeted vendor, called Cleo, is a file transfer software used for Electronic Data Interchange with external entities, the letter said.
CPS said they learned Feb. 8 that student data had been inappropriately accessed during the incident. As of now, there is no evidence to suggest that student data has been misused.
The letter stated that the unauthorized party gained access to students' name, date of birth, gender and Chicago Public Schools student ID number. Although the incident is still being investigated, it is believed to affect current students as well as former students dating back to the 2017-2018 school year.
CPS said no social security numbers, financial information, or health data were accessed during this incident.
Students enrolled in federal Medicaid programs also had their Medicaid ID number and dates if program eligibility exposed. Medicaid ID numbers, also known as Recipient Identification Numbers, cannot be used to obtain a social security number.
CPS said the incident has been reported to the appropriate law enforcement authorities, and they are continuing to assist with the investigation.
Local
Any additional resources or recommended steps for families will be posted here, according to CPS.
Although there was no financial information obtained, concerned parties can request a free credit report to look for signs of identity theft.
Feeling out of the loop? We'll catch you up on the Chicago news you need to know. Sign up for the weekly Chicago Catch-Up newsletter.
