Personal information of Baltimore City Public Schools staff, students, contractors and volunteers was accessed during a cybersecurity incident targeting the school system’s IT services in February, BCPS announced on Apr. 22.
The incident occurred on Feb. 13 and the school system said that it immediately contacted law enforcement, began an initial investigation and took steps to ensure security.
“Following a thorough investigation with the guidance of law enforcement and external cybersecurity experts, we have confirmed that certain documents may have been compromised by criminal actors, which contained information belonging to some current and former employees, volunteers, and contractors, as well as files related to less than 1.5% of our student population,” the school system said in a press release.
The school system said that the criminals accessed files that may have contained data for current and former employees, volunteers and contractors, including social security numbers, driver’s license numbers, or passport numbers.
Regarding students, files may have contained information including student data, call logs, absenteeism records, or maternity status.
As a result of the breach, the school system sent a letter on Apr. 22 to those who may have been impacted and are providing complimentary 24-month credit monitoring services with the goal of mitigating further harm.
The school system is also setting up a call center to answer questions and help people enroll in mitigation services.
The school system said they are working to determine how this incident occurred and are adding new security measures.
“We have implemented a series of additional cybersecurity enhancements, including installation of endpoint detection and response software and resetting all passwords of users. We will continue to assess our procedures already in place and the results of the forensic audit for ways to defend against evolving threats,” the school system said in the press release.
