A February data breach on the school system might have compromised documents of employees, students, volunteers and contractors, the district announced Tuesday.
The hack was an attempted ransomware attack, said André Riley, executive director of communications for the school district, in response to questions before a BCPS school board meeting Tuesday night.
The district maintained access and control of its systems during the breach and did not pay a ransom to any hackers, Riley said.
“These folks spend all day trying to figure out how to beat you. And in this case, they found a small sliver … of our security. They were able to get inside the house,” Riley said.
The school system sent notification letters and will provide credit-monitoring services to those affected. Its investigation found “certain documents may have been compromised by criminal actors, which contained information belonging to some current and former employees, volunteers, and contractors, as well as files related to less than 1.5 percent of our student population,” the district wrote on its website.
The district said it’s implemented cybersecurity upgrades in response to the Feb. 13 breach. Cybersecurity experts and a law firm with expertise in helping various entities with data breaches are advising the school system “not on just what happened,” Riley said, “but how we can be stronger the next time somebody takes a swing at us.”
“With the guidance of law enforcement and outside cybersecurity experts, we have worked diligently to determine how this incident happened, and we are taking appropriate measures to prevent a similar situation in the future,” it said.
“City Schools deeply values the trust our students, families, and staff place in us to protect the privacy and security of their information. We regret any inconvenience or concern this incident may have caused.”
Background check information for contractors and volunteers, I-9 verification details and some background check information from staff, as well as some information from the files of students re-engaging with the school system, were involved in the hack, Riley said.
Just over a month after the breach of City Schools, the city’s state’s attorney’s office was notified of “unusual activity occurring on our network” on March 19, the office’s chief of communications, James Bentley, said in an email Tuesday.
With the investigation still active, the office is coordinating with law enforcement and enhancing its cybersecurity, Bentley said. Bentley did not respond to specific questions about the incident, including whether sensitive information was compromised.
There was no known connection between the two incidents, Riley said Tuesday evening.
In 2020, Baltimore County’s school system was shut down by a cyber attack that hit all its network systems. The Inspector General for Education found Baltimore County Public Schools partially responsible.
©2025 Baltimore Sun. Distributed by Tribune Content Agency, LLC.