Watch CBS News

Ransomware attacks have been on rise, and CBS 2 has found out why schools are especially vulnerable

CHICAGO (CBS) -- The Chicago Public Schools reported last week that a data breach exposed years' worth of records for tens of thousands of students and staff.

CPS officials said a technology vendor, Battelle for Kids, was the victim of a ransomware attack last December, on a server that stores course information and evaluations.

The breach affected students who were enrolled between 2015 and 2019. Notices are going out.

While CPS said no personal information, like Social Security numbers or financial information, was taken, the data that was exposed included children's names, birthdates, genders, CPS student ID number, and course information.

No health data, current course or schedule information, course grades, or standardized test scores were involved.

As a precaution, CPS is offering parents a free year of credit monitoring for all of the three major credit agencies.

Impacted families and staff are invited to call 833-909-4007, visit cps.edu/databreach or email BFK-Breach-Info@cps.edu for more information.

Ransomware attacks have become more common with the rise in remote work and e-learning. Schools are particularly vulnerable, and CBS 2 Political Investigator Dana Kozlov found out why back in September.

CBS 2 in September found one southwest suburban school district that was targeted. Private information was taken, with parents and staff caught completely off guard. That is -- until Kozlov told them.

Kozlov cold-called suburban strangers from names on a list the CBS 2 Investigators pieced together. She called to alert them to some of their most private details CBS 2 found publicly exposed on the dark web.

Everyone reached at the time had no idea their information was stolen, or how it happened.

"Think of it as a cyber bomb," Crane Hassold, Director of Threat Intelligence at Abnormal Security, said in our September report. "It goes off, locks up all the data, shows the ransom note, and the situation goes from there."

Hassold was explaining ransomware. He said it is a kind of cyberattack that holds sensitive and personal data hostage until payment is made. Hard-to-trace cyber swindlers are the culprits.

"They also say if you don't pay us by a certain date, they will expose all of the information they've locked up to everyone on the internet," Hassold said in September.

It's a dark web data dump, if you will, often following a ransom note. School districts have become prime targets.

"We launched (in 2020), because of the threats facing the school sector," said Doug Levin, who heads the non-profit K12 Security Info Exchange (K12 SIX). He has documented nearly 1,200 school cyber incidents since 2016 nationwide.

All of those attacks were publicly exposed. However, Levin said, "What those practitioners told me is that what I am seeing in publicly disclosed incidents is only the tip of the iceberg."

It is the tip of the iceberg when it comes to the actual number of cyber threats facing school districts. But why?

"Student data itself is considered among the more valuable things that criminals can get a hold of, because they have pristine credit records," Levin said in September.

The CBS 2 Investigators last year submitted public records requests to 60 of Illinois' 850 school districts, asking for any correspondence about cyber breaches – including ransomware. Palos Community Consolidated School District 118 acknowledged two cyber-attacks in September and December of last year.

The district's internal emails and a notice on its website mention the attacks and report that security audits were conducted and there was "no reason to believe that personally identifiable student or staff information was breached or otherwise compromised."

However, it didn't take the CBS 2 Investigators long to find out that's wrong.

"You can see these are all of the different files," said Hassold.

His data dive on the dark web turned up dozens of internal District 118 files – all the result, he said, of a ransomware attack. He found especially sensitive information among the files.

We sent screenshots in September of the district's dark web data files to Supt. Anthony Scarsella. He thanked us, adding they'd be turning over the information our investigation uncovered to their insurance carrier for review with the team that conducted those audits.

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.