Local News

Chicago Public Schools hit by massive data breach. What do you need to know?

By Jermont Terry

/ CBS Chicago

Massive data breach hits Chicago Public Schools

Current and former students who attended Chicago Public Schools over the past eight years could be impacted by a huge data breach.

CPS officials on Friday announced that a vendor's server was hacked, exposing personal information for all current and former students dating back to the 2017-18 school year.

A technology vendor named Cleo, a file transfer software system used by the district, had its system hacked late last year, accessing students' names, date of birth, gender, and CSP student ID number. For students enrolled in Medicaid, their Medicaid ID number and dates of program eligibility also were exposed.

No students' social security numbers, financial information, or health data was accessed, according to CPS.

CPS officials advised all current and past students to check their credit reports.

With CPS enrollment currently at more than 320,000 students, the number of people affected by the hack is massive, but one fraud expert said the information that was stolen could limit the long-term ramifications, though the breach is still serious.

"The breach is not good, but it's not that bad," said Governors State University professor Bill Kresse, a certified fraud examiner also known as Professor Fraud. "I'm not surprised. This happens, and if they get in, if there's a large cache of data, they're going to steal it all. We have to always be wary."

 While hackers did not access any students' Social Security numbers, financial information, or health data, Kresse said they should take no chances and take steps to protect themselves against identity theft.

"The problem is, we know there are some bad actors out there who are putting together these large databases, where they're correlating all the information they need to steal your identity. So it is potentially a problem," he said.

Kresse said anyone who has been a CPS student since the 2017-18 school year should protect themselves by freezing their credit reports with Equifax, Experian, and Transunion, so that fraudsters can't access their credit and open new accounts in their name.

"Contact all three bureaus. Freeze those reports," he said.

Kresse said people should assume their personal information is likely somewhere on the dark web. That's why he recommends freezing your credit until you need to use it.

Jermont Terry

Jermont Terry joined the CBS 2 team in October 2019. He's born and raised on Chicago's South Side. He's happy to return home to report on his community after 18 years of uncovering stories across the country.

© 2025 CBS Broadcasting Inc. All Rights Reserved.

Read more
f

We and our partners use cookies to understand how you use our site, improve your experience and serve you personalized content and advertising. Read about how we use cookies in our cookie policy and how you can control them by clicking Manage Settings. By continuing to use this site, you accept these cookies.