Full Report
The Baltimore City Public Schools system has confirmed a cybersecurity incident that compromised the personal information of certain individuals associated with the district, including current and former employees, volunteers, contractors, and a small percentage of students. This Baltimore City Public Schools cyberattack, which occurred on February 13, 2025, is currently under investigation with assistance from law enforcement and cybersecurity professionals.

## Baltimore City Public Schools Cyberattack Key Takeaways

- Incident Date: February 13, 2025
- Impact: Employee, volunteer, contractor, and student information compromised
- Student Data: Less than 1.5% of the student population affected
- Response: Law enforcement notified, systems secured, credit monitoring offered
- Next Steps: Call center support, ongoing cybersecurity upgrades, forensic audit

## What Happened?

On February 13, Baltimore City Public Schools (BCPS) detected unusual activity affecting parts of its IT network. Immediate steps were taken to contain the incident, which included notifying law enforcement, initiating an internal investigation, and securing the compromised systems.

In coordination with cybersecurity experts, a thorough investigation was carried out, revealing that criminal actors had accessed and possibly exfiltrated certain documents from the district’s network. The cyberattack on Baltimore City Public Schools affected information related to some staff, volunteers, and contractors, particularly those who had completed background checks or I-9 verification during onboarding. Additionally, data involving less than 1.5% of the student population was found in the compromised files.

## What Information Was Involved?

The stolen or accessed files potentially included:

- For Employees, Volunteers, and Contractors: Social Security numbers, driver’s license numbers, and passport numbers tied to background checks and I-9 verification.
- For Students (Less Than 1.5%): Call logs, absentee records, student data, and in limited cases, information about maternity status.

Despite the Baltimore City Public Schools data breach, school operations and critical services remained largely undisturbed thanks to a swift and aggressive response by the district's IT team and investigators.

## How Is Baltimore City Public Schools Responding?

Baltimore City Public Schools has taken several critical steps in the aftermath of this cybersecurity incident to protect those affected and bolster its digital defenses:

- Notification Letters: On April 22, 2025, City Schools began mailing out letters to individuals whose data may have been compromised. These letters include details about what was affected and instructions on accessing free protective services.
- Credit Monitoring Services: Impacted individuals have been offered complimentary 24-month credit monitoring and identity protection services. These are designed to detect and alert users to suspicious activity and help mitigate the risk of identity theft.
- Call Center for Support: A dedicated call center has been established to answer questions and guide individuals through the enrollment process for the monitoring services.
- Cybersecurity Enhancements: In response to the breach, BCPS has implemented a range of cybersecurity upgrades:
  - Installation of endpoint detection and response (EDR) tools across its network.
  - Resetting all user passwords district-wide.
  - Conducting a full forensic audit to understand the method of intrusion and enhance existing security protocols.
  - Ongoing review and revision of policies to ensure proactive defense against evolving cyber threats.

## Commitment to Transparency and Security

Baltimore City Public Schools has emphasized its commitment to safeguarding personal information and restoring trust with its community. The district acknowledged the concerns caused by the incident and expressed regret for any distress or inconvenience it may have caused to students, staff, and families.

“We deeply value the trust our students, families, and staff place in us to protect their privacy. We regret any concern this may have caused,” stated a spokesperson from the school system.

## What Can Impacted Individuals Do?

In addition to enrolling in the credit monitoring service provided by Baltimore City Public Schools, affected individuals are encouraged to take the following precautions:

- Monitor Credit Reports: Regularly check credit reports for unauthorized or suspicious activity.
- Place a Fraud Alert: Contact one of the major credit bureaus (Equifax, Experian, TransUnion) to place a fraud alert on personal credit files.
- File Reports if Needed: If any suspicious activity is noticed, individuals should report it to local law enforcement, the state attorney general, or the Federal Trade Commission (FTC).
- Use Identity Protection Tools: Consider freezing credit to prevent unauthorized accounts from being opened.

## Broader Implications

Schools and universities across the U.S. have become common targets for threat actors due to their large repositories of personal and sensitive data. The cyberattack on Baltimore City Public Schools underlines the need for continuous investment in cybersecurity infrastructure, employee training, and data protection policies. Experts warn that such breaches could become more frequent and severe unless educational institutions adopt advanced cybersecurity practices.

For those impacted or with questions, Baltimore City Public Schools urges you to contact their dedicated support line provided in the notification letter or visit the district’s official website for more information.
Analysis Summary
While the provided article confirms a security breach at Baltimore City Public Schools (BCPS) resulting in potential compromise of employee and student data, it *lacks* specific details regarding the exact timeline, attack vectors, exact response steps, or technical indicators of compromise (IoCs).
The summary below is constructed based *only* on the confirmed high-level facts presented in the source text.
# Incident Report: BCPS Data Security Breach
## Executive Summary
Baltimore City Public Schools confirmed a security breach resulting in the potential compromise of sensitive employee and student data. The incident highlights the ongoing risk educational institutions face due to the valuable data they store. Response actions involved notifying affected parties and providing credit monitoring services.
## Incident Details
- Discovery Date: Not explicitly specified, implied shortly before or around April 24, 2025 (publication date).
- Incident Date: Not explicitly specified.
- Affected Organization: Baltimore City Public Schools (BCPS).
- Sector: Education (Public Schools).
- Geography: Baltimore, USA.
## Timeline of Events
### Initial Access
- Date/Time: Unknown.
- Vector: Not explicitly detailed in the provided text.
- Details: Unknown.
### Lateral Movement
- Details: Not detailed in the provided text.
### Data Exfiltration/Impact
- Details: Employee and student data was potentially compromised.
### Detection & Response
- How it was discovered: Not detailed, but confirmed via a school system spokesperson.
- Response actions taken: Notifying affected individuals and offering credit monitoring services.
## Attack Methodology
*Note: Specific methodologies (TTPs) were not detailed in the source material.*
- Initial Access: Unknown.
- Persistence: Unknown.
- Privilege Escalation: Unknown.
- Defense Evasion: Unknown.
- Credential Access: Unknown.
- Discovery: Unknown.
- Lateral Movement: Unknown.
- Collection: Unknown (Affected data included employee and student information).
- Exfiltration: Unknown.
- Impact: Data confidentiality compromised.
## Impact Assessment
- Financial: Not specified (though costs related to credit monitoring and remediation would apply).
- Data Breach: Personal data belonging to employees and students.
- Operational: Not specified (no mention of system downtime).
- Reputational: Confirmed incident requiring public notification.
## Indicators of Compromise
- Network indicators: None provided.
- File indicators: None provided.
- Behavioral indicators: None provided.
## Response Actions
- Containment measures: Not detailed.
- Eradication steps: Not detailed.
- Recovery actions: Provision of credit monitoring services to affected individuals.
## Lessons Learned
- Educational institutions remain prime targets for threat actors due to the volume of sensitive data they maintain.
- Proactive investment in cybersecurity infrastructure, training, and data protection policies is critical.
## Recommendations
- Implement continuous investment in cybersecurity infrastructure.
- Enhance employee training programs.
- Strengthen data protection policies to safeguard student and employee information.
- For impacted individuals: Monitor credit reports, place fraud alerts, and utilize identity protection tools like credit freezes.