In a recent development, Baltimore City Public Schools revealed that they were the victim of a cybersecurity incident that compromised the personal information of certain individuals associated with the district, including current and former employees, volunteers, contractors, and a small percentage of students. The cyberattack took place on February 13, 2025, and is currently being investigated with the help of law enforcement and cybersecurity professionals.
The incident, which was detected on February 13, led to immediate actions being taken by Baltimore City Public Schools to contain the breach. This included notifying law enforcement, conducting an internal investigation, and securing the compromised systems. Working closely with cybersecurity experts, the district uncovered that criminal actors had gained unauthorized access to certain documents within the network.
The cyberattack impacted information related to staff, volunteers, and contractors who had undergone background checks or I-9 verification processes during onboarding. Additionally, data concerning less than 1.5% of the student population was also found in the compromised files. Despite the breach, school operations and critical services remained largely unaffected thanks to the quick response from the district’s IT team and investigators.
In response to the cybersecurity incident, Baltimore City Public Schools has implemented several measures to protect those affected and strengthen its digital defenses. These measures include sending out notification letters to individuals whose data may have been compromised, offering credit monitoring services, establishing a call center for support, and enhancing cybersecurity protocols with tools like endpoint detection and response (EDR) and conducting a forensic audit.
The district has emphasized its commitment to transparency and security, expressing regret for any distress caused by the incident and pledging to safeguard personal information and rebuild trust with the community. Impacted individuals are encouraged to enroll in the credit monitoring service provided by Baltimore City Public Schools and take additional precautions such as monitoring credit reports, placing fraud alerts with credit bureaus, and using identity protection tools if needed.
The cyberattack on Baltimore City Public Schools serves as a reminder of the importance of investing in robust cybersecurity infrastructure, employee training, and data protection policies for educational institutions. Experts warn that without such measures, breaches like these could become more frequent and severe. For individuals impacted by the incident or those seeking more information, Baltimore City Public Schools have provided a support line and resources on their official website.