Chicago Public Schools

Hackers expose information for 700,000 current and former Chicago students, district says

By 
Mila Koumpilova
 | March 7, 2025, 9:23pm UTC
Four students with backpacks walk down a hallway with lockers on the left of them.
Students walk a hallway at Juarez High School on Thursday, June 9, 2022 in Chicago. CPS said Friday that student information was stolen and posted on the dark web. | Christian K. Lee for Chalkbeat (Christian K. Lee for Chalkbeat)

Sign up for Chalkbeat Chicago’s free daily newsletter to keep up with the latest news on Chicago Public Schools.

In a ransomware attack last year, Russian hackers stole private information for more than 700,000 current and former Chicago Public Schools students and put it on the dark web, district officials said Friday.

According to the district, the hackers gained access to a server where a CPS technology vendor stores student data. Using a weakness in the vendor’s software that CPS uses to share data with other agencies, the hackers stole information from the district and more than 60 other organizations across the country.

Students’ names, dates of birth, genders, and Chicago Public Schools student ID numbers were stolen.

“While we are still investigating this incident, we believe that all current students, and all former students dating back to the 2017-2018 school year were impacted,” the district said in a statement.

For roughly half of the impacted students, or about 344,000 current and former students, Medicaid ID numbers and dates of program eligibility were included in the data breach.

The stolen student information was originally encrypted, which the district likened to the hackers stealing a locked briefcase but without the key. However, district officials confirmed Friday that the hackers were able to break that encryption, exposing students’ private information.

The dark web is a part of the internet inaccessible with search engines, where illegal activity often takes place. The district said it would write to families Friday afternoon to inform them about the breach.

The district said it was never contacted about paying ransom in return for the stolen data. A growing number of school districts in recent years have been victims of such data ransomware attacks, which have at times exposed sensitive student and employee information. Technology news site TechCrunch reported that the Russia-linked ransomware gang Clop stole the data from CPS and almost 60 other organizations, taking advantage of a bug in software tools from tech company Cleo.

The district said Friday it worked with the FBI, the Department of Homeland Security, the State of Illinois Department of Innovation and Technology and other agencies to investigate the incident. Officials stressed that the stolen data did not contain Social Security numbers or financial information.

The district said it does not have any evidence that any of the stolen information has been misused. More information and resources for families are at cps.edu/databreach.

Mila Koumpilova is Chalkbeat Chicago’s senior reporter covering Chicago Public Schools. Contact Mila at mkoumpilova@chalkbeat.org.

The Latest
Are NYC schools teaching sex ed? It’s a touchy subject.

Episode 2 of P.S. Weekly explores the patchwork approach New York City takes to sex education and why students are demanding a different approach.

By 
Chalkbeat Staff
 | Today, 9:00am UTC
Illinois superintendent pushes back against Trump administration anti-DEI request

The U.S. Department of Education demanded states certify that they are not promoting “illegal DEI” programs. The Illinois schools chief challenged the department to define which programs are illegal.

By 
Samantha Smylie
 | Today, 1:03am UTC
Pennsylvania is not ordering schools to eliminate DEI programs

The Pennsylvania Department of Education sent a letter to the Trump administration certifying that the state “has and will continue to comply” with civil rights laws.

By 
Carly Sitrin
 | April 9
Indiana will comply with Trump's directive to pledge schools aren’t using DEI

State officials are collecting signatures from schools and districts to ensure they’re following a directive from the U.S. Department of Education.

By 
MJ Slaby
 | April 9
Colorado lawmakers reject bill regulating child care chains backed by private equity

One of the bill sponsors said she may try again in future years.

By 
Ann Schimke
 | April 9
Newark educators protest proposed federal funding cuts to schools, research, and health care

Newark educators and labor unions gathered on Tuesday to protest looming federal funding cuts and warn about their impacts on education, research, and health.

By 
Jessie Gómez
 | April 9