Baltimore City Public Schools is the latest education system hit by cybercrime, with a data breach exposing the personal information of over 31,000 individuals.
What happened
Baltimore City Public Schools disclosed a data breach that compromised sensitive information belonging to tens of thousands of students, employees, volunteers, and contractors. The breach occurred on February 13, 2025, when unknown attackers infiltrated the district’s network. City Schools promptly notified law enforcement and initiated an investigation with the help of external cybersecurity experts to assess the extent of the breach.
Going deeper
The investigation confirmed that criminal actors accessed and potentially stole documents containing personally identifiable information (PII). The compromised data includes Social Security numbers, driver's license numbers, passport numbers, call logs, absenteeism records, and maternity status information for some students. While the exact number of impacted students was not shared, it’s estimated that roughly 1,150 students were affected. The Maryland Office of the Attorney General confirmed that more than 31,000 individuals in total were impacted.
Although City Schools did not officially attribute the breach to a specific threat actor, reporting from WBALTV linked the incident to the Cloak ransomware group. Cloak emerged in 2022 and has since targeted over 130 organizations, primarily small and medium-sized businesses.
In response to the breach, Baltimore City Public Schools is offering free credit monitoring services to affected individuals and urging them to stay vigilant by monitoring their financial accounts and credit reports.
What was said
In a public notification, City Schools stated: “Since the incident, we have implemented a series of additional cybersecurity enhancements, including the installation of endpoint detection and response software and the resetting of all passwords. We will continue to assess our existing procedures and the findings of the forensic audit to strengthen our defenses against evolving threats.” The district acknowledged that some sensitive information had been compromised and discussed its ongoing commitment to protecting the personal data of its community.
The big picture
The Baltimore City Public Schools breach shows how a single ransomware attack can compromise personal data, from Social Security numbers to student records, for thousands of individuals. As threat groups like Cloak target institutions with aging infrastructure and large data footprints, the cost of delayed cybersecurity modernization becomes immediate and personal.
FAQs
Why would attackers target a school district like Baltimore City Public Schools?
School districts hold a large amount of sensitive personal data, but often have weaker cybersecurity compared to corporate targets.
What risks do affected individuals face after this breach?
Stolen information like Social Security numbers and passports can be used for identity theft, financial fraud, and phishing scams.
How long could the effects of a breach like this last?
Identity theft risks can surface months or even years later, especially when data like SSNs is involved.
Is there a known link between this attack and larger ransomware trends?
Yes, groups like Cloak are part of a broader surge in ransomware attacks against public institutions, especially in education.
What systemic changes are needed to better protect schools from cyberattacks?
Experts recommend regular security audits, mandatory cybersecurity training, stricter network access controls, and dedicated funding for school IT defenses.
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
.svg)
Farah Amod
