Baltimore schools cyberattack compromises staff and student data

This story was originally published by The Baltimore Banner, a partner with Technical.ly in the Baltimore News Collaborative. The collaborative is a project exploring the challenges and successes experienced by young people in Baltimore, supported by the Annie E. Casey Foundation.

A cybersecurity breach at Baltimore City Public Schools compromised information on former staff, over half of current school employees and over 1,000 students.

The attack happened Feb. 13 and affected “certain IT systems within our network,” according to a news release the school district sent on Tuesday. The school system immediately notified police, who investigated.

City schools learned that “certain documents may have been compromised by criminal actors.”

The documents “contained information belonging to some current and former employees, volunteers, and contractors, as well as files related to less than 1.5% of our student population,” according to the school system, which teaches over 75,000 students.

The breach affected approximately 55% of the school system’s current employees, which include full-time staff, substitutes and temporary staff were impacted, the district stated. Sonja Santelises, the school system’s CEO, was one of them.

“I am feeling what I’m sure many of our staff will be feeling, and it is a feeling of exposure,” she said.

However, she’s grateful that it wasn’t worse.

She said she cannot speak to what kind of data was compromised but said Baltimore City Schools have been the targets of “numerous” attack attempts.

“This is the first one that has gotten through to this extent,” the CEO added.

Making sure staff are taken care of has been the system’s first priority, she said. Second, is making sure the system itself is secure.

Notification letters were mailed to anyone whose data may have been breached. They’ll receive complimentary access to credit monitoring services to help mitigate any potential harm.

The district created a call center to provide further assistance, installed additional cybersecurity enhancements and reset all passwords.

The good news is that the overwhelming majority of students were not affected, nor was payroll, said the CEO.

This isn’t the first time a local school system has dealt with a ransomware attack. Back in 2020, Baltimore County Public Schools experienced an attack that impacted thousands of students, employees and retirees.

➡️ Read more

• As Baltimore rebuilds from 2019 ransomware attack, is $10 million for a cure better than prevention?
• A history of major cyberattacks, in and around Baltimore