Data Breach at Baltimore City Public Schools Impacts Over 31,000

Penka Hristovska
Penka Hristovska Former Editor
Published on: April 25, 2025
Penka Hristovska Penka Hristovska Former Editor
Published on: April 25, 2025

A cybersecurity breach at Baltimore City Public Schools has affected more than 31,000 Maryland residents, according to the Maryland Office of the Attorney General. The news came in a notification this week to the students and employees affected, which also revealed that the data breach actually took place in February.

“On February 13, 2025, Baltimore City Public Schools experienced a cybersecurity incident affecting certain IT systems within our network. We promptly notified law enforcement, conducted an initial investigation, and took steps to confirm the security of our systems,” City Schools said.

“Following a thorough investigation with the guidance of law enforcement and external cybersecurity experts, we have confirmed that certain documents may have been compromised by criminal actors, which contained information belonging to some current and former employees, volunteers, and contractors, as well as files related to less than 1.5 percent of our student population.”

The breach may have led to the unauthorized access of folders, files, or records from current and former employees who completed the I-9 verification during their onboarding. Additionally, some employees, volunteers, and contractors who underwent a background check with City Schools could also have been affected.

These files contain sensitive information such as social security numbers, driver’s license numbers, or passport numbers, as well as call logs, absentee records, or information about the maternity status of enrolled students.

The school district didn’t reveal who’s behind the attack, but it’s believed the Cloak ransomware may be the culprit. Baltimore City Public Schools is offering free credit monitoring services to those affected and advises impacted individuals to carefully review personal account statements and monitor credit reports to protect against identity theft.

“We have implemented a series of additional cybersecurity enhancements, including installation of endpoint detection and response software and resetting all passwords,” the school district said.

Officials at the Baltimore City State’s Attorney’s Office also said they “continue to enhance our cybersecurity and coordinate with our law enforcement partners, as this is an ongoing investigation.”

About the Author
Penka Hristovska
Penka Hristovska
Former Editor
Published on: April 25, 2025

About the Author

Penka Hristovska is a former editor at SafetyDetectives. She was an editor at several review sites that covered all things technology — including VPNs and password managers — and had previously written on various topics, from online security and gaming to computer hardware. She’s highly interested in the latest developments in the cybersecurity space and enjoys learning about new trends in the tech sector. When she’s not in “research mode,” she’s probably re-watching Lord of The Rings or playing DOTA 2 with her friends.