Baltimore Metropolis Public Colleges notified tens of hundreds of staff and college students of a data breach following an incident in February when unknown attackers hacked into its community.
Established in 1829, the general public college district gives major and secondary schooling to 76,841 enrolled college students by means of 164 faculties and packages.
“On February 13, 2025, Baltimore Metropolis Public Colleges skilled a cybersecurity incident affecting sure IT methods inside our community. We promptly notified legislation enforcement, carried out an preliminary investigation, and took steps to verify the security of our methods,” Metropolis Colleges stated in a Tuesday notification.
“Following a radical investigation with the steering of legislation enforcement and exterior cybersecurity specialists, we have now confirmed that sure paperwork could have been compromised by prison actors, which contained data belonging to some present and former staff, volunteers, and contractors, in addition to recordsdata associated to lower than 1.5% of our pupil inhabitants.”
Regardless that the precise variety of college students affected by this breach wasn’t shared, based mostly on present pupil enrollment numbers, the attackers gained entry to delicate knowledge belonging to roughly 1,150 college students, in response to the college district’s estimations. Moreover, the Maryland Workplace of the Legal professional Basic confirmed to The Baltimore Solar that the breach impacts over 31,000 people.
Throughout the breach, the risk actors could have stolen folders, recordsdata, or information containing social security numbers, driver’s license numbers, or passport numbers belonging to present and former staff, volunteers, and contractors. Recordsdata uncovered through the incident might also have contained a mixture of pupil knowledge, name logs, absenteeism information, or the maternity standing of at present enrolled college students.
Breach linked to Cloak ransomware
Whereas the college district did not hyperlink the assault to a particular risk group or cybercrime operation, a WBALTV report linked it to Cloak ransomware. This ransomware operation surfaced in late 2022 and has since claimed over 130 victims, most of them small—to medium-sized companies.
Baltimore Metropolis Public Colleges now gives complimentary credit score monitoring companies to these affected and urges impacted people to evaluate private account statements and monitor credit score stories to forestall id theft makes an attempt.
In November 2020, Baltimore County Public Colleges, a Maryland college district that manages all public faculties in Baltimore County, Maryland, additionally disclosed a data breach following a ransomware assault that compelled it to close down its community because of the variety of impacted methods.
One 12 months earlier, in Might 2019, a RobbinHood ransomware assault encrypted authorities servers at Baltimore Metropolis Corridor. One other ransomware incident impacted Baltimore Metropolis’s emergency name system in March 2018, forcing the employees to modify to guide operations to deal with all incoming emergency calls.
