Chicago Public Schools breached and student information stolen

Chicago Public Schools breached and student information stolen

https://www.securityweek.com/breach-exposed-data-half-million-chicago-students-staff

Exploit: Supply Chain Risk
Chicago Public Schools: Regional Education Agency

risk-to-business-img-r1

Risk to Business: 1.944 = Severe

Chicago Public Schools is facing a big breach of student data after a technology vendor experienced a data security incident. CPS has disclosed that it was recently informed that an unauthorized access incident took place at Battelle for Kids in December 2021. In that incident, a server that housed four years’ worth of personal information about students and staff from the 2015-16 through 2018-2019 school years was breached. Officials say that no Social Security numbers, no financial information, no health data, no current course or schedule information, no home addresses and no course grades, standardized test scores, or teacher evaluation scores were exposed in this incident.

risk-to-business-img-r1

Risk to Business: 1.672 = Severe

The improperly accessed data included students’ names, schools, dates of birth, gender, CPS identification numbers, state student identification numbers, class schedule information and scores on course-specific assessments used for teacher evaluations. Employee data included names, employee identification numbers, school and course information and emails and usernames.

How It Could Affect Your Customers’ Business: School system databases are popular targets because they often hold big stores of information.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.