Baltimore City Public Schools notified tens of thousands of employees and students of a data breach following an incident in February when unknown attackers hacked into its network.
Established in 1829, the public school district provides primary and secondary education to 76,841 enrolled students through 164 schools and programs.
“On February 13, 2025, Baltimore City Public Schools experienced a cybersecurity incident affecting certain IT systems within our network. We promptly notified law enforcement, conducted an initial investigation, and took steps to confirm the security of our systems,” City Schools said in a Tuesday notification.
“Following a thorough investigation with the guidance of law enforcement and external cybersecurity experts, we have confirmed that certain documents may have been compromised by criminal actors, which contained information belonging to some current and former employees, volunteers, and contractors, as well as files related to less than 1.5% of our student population.”
Even though the exact number of students affected by this breach wasn’t shared, based on current student enrollment numbers, the attackers gained access to sensitive data belonging to roughly 1,150 students, according to the school district’s estimations. Furthermore, the Maryland Office of the Attorney General confirmed to The Baltimore Sun that the breach impacts over 31,000 individuals.
During the breach, the threat actors may have stolen folders, files, or records containing social security numbers, driver’s license numbers, or passport numbers belonging to current and former employees, volunteers, and contractors. Files exposed during the incident may also have contained a combination of student data, call logs, absenteeism records, or the maternity status of currently enrolled students.
Breach linked to Cloak ransomware
While the school district didn’t link the attack to a specific threat group or cybercrime operation, a WBALTV report linked it to Cloak ransomware. This ransomware operation surfaced in late 2022 and has since claimed over 130 victims, most of them small—to medium-sized businesses.
Baltimore City Public Schools now provides complimentary credit monitoring services to those affected and urges impacted individuals to review personal account statements and monitor credit reports to prevent identity theft attempts.
In November 2020, Baltimore County Public Schools, a Maryland school district that manages all public schools in Baltimore County, Maryland, also disclosed a data breach following a ransomware attack that forced it to shut down its network due to the number of impacted systems.
One year earlier, in May 2019, a RobbinHood ransomware attack encrypted government servers at Baltimore City Hall. Another ransomware incident impacted Baltimore City’s emergency call system in March 2018, forcing the staff to switch to manual operations to handle all incoming emergency calls.
