Baltimore City Public Schools Cyberattack Impacts 31,000 People
A massive cyberattack on Baltimore City Public Schools has exposed sensitive personal information of 31,125 individuals, including current and former students, employees, volunteers, and contractors. The breach, discovered in February, involved the criminal group Cloak Ransomware gaining access to the school district’s IT systems.
The stolen information includes Social Security numbers, passport details, birth certificates, and other data that could be used for identity theft. Initially, 25,000 people were thought to be affected, but the number increased to 31,125, including about 1,100 current students and more than half of the district’s current employees.
Jeff Karberg, director of the Maryland Attorney General’s Identity Theft Unit, emphasized the severity of the breach, stating, “Any time a breach is impacting five digits’ worth of people, I consider that sort of inherently a lot — that’s big.” Karberg warned that the stolen information could be used for new account fraud, such as applying for credit cards or loans.
To protect themselves, Karberg recommends that affected individuals freeze their credit reports. “It’s always much easier to convince people to freeze their credit reports after they’ve been a victim, but I want to say, it’s an ounce of prevention is worth a pound of cure here,” he said. Baltimore City Public Schools is offering two years of free credit monitoring to those affected and has established a call center to help individuals enroll in mitigation services.
The Baltimore City Public Schools Board of School Commissioners has approved an emergency contract to hire cybersecurity firm CrowdStrike to conduct a forensic analysis of the data breach. Karberg noted that data breaches in Maryland have surged from 181 in 2013 to 1,553 in 2023, emphasizing the growing need for robust cybersecurity measures.
Those affected are advised to review their personal account statements and credit reports, report suspected fraud to law enforcement, and consider placing fraud alerts or security freezes on their credit files.
