A district investigation found “certain documents may have been compromised by criminal actors, which contained information belonging to some current and former employees, volunteers, and contractors, as well as files related to less than 1.5 percent of our student population,” which translates to about 1,000 students, according to district CEO Sonja Santelises.
The hack, which was first detected in February and announced Tuesday to the public, was an attempted ransomware attack, a BCPS spokesperson confirmed, which typically block access to a computer system or files until money is paid. City Schools did not pay a ransom.
There were no new updates to the investigation Wednesday, but the school system has already taken steps to boost its cybersecurity system.
City Schools hired CrowdStrike Inc., a renowned technology company based in Austin, Texas, to provide a cybersecurity forensic analysis and assessment for $160,000.
“Since the incident, we have implemented a series of additional cybersecurity enhancements, including the installation of endpoint detection and response software and the resetting of all passwords,” City Schools spokesperson Sherry Christian said in an email to The Baltimore Sun. “We will continue to assess our procedures already in place and the results of the forensic audit for ways to defend against evolving threats.”
The Maryland Office of the Inspector General for Education has not received any complaints or requests for assistance concerning this issue, according to a spokesperson.
“It appears from all reports that BCPS is collaborating with law enforcement officials to identify the individuals responsible for this breach,” the spokesperson said.
This is not the first time an area school system has dealt with a cyber attack.
Baltimore County’s school system was shut down by a cyber attack that hit all its network systems in November 2020. The attack caused systemic interruption to the network information systems, and county schools had to be closed.
That school system started using multi-factor authentication standards for all staff, improved firewall technology and enhanced device protections to detect and prevent malware. BCPS also migrated some network functions to an encrypted, cloud-based service and carried out security updates to ensure devices receive real-time security patches.
In addition, the Baltimore City State’s Attorney’s Office was notified of “unusual activity occurring on our network” on March 19. The office’s chief of communications, James Bentley, offered no further comment Wednesday because of an “ongoing investigation.”
There is no known connection between the incident at the state’s attorney’s office and the hack at the schools, according to a schools spokesperson.
©2025 Baltimore Sun. Distributed by Tribune Content Agency, LLC.
