Chicago Public Schools data breach exposes thousands of students’ private information

On June 15, 2018, an employee of Chicago Public Schools negligently emailed private student information to more than 3,700 families. The data of thousands of students were breached, including:

  • Names
  • Email addresses
  • Phone numbers
  • Student IDs

A link to a spreadsheet containing the data was accidentally shared in an email inviting families to submit supplemental applications to selective enrollment schools. Although the incident was discovered quickly, with recipients asked to delete the information, the link remained active for several hours. Chicago Public Schools has apologized for the unacceptable breach and said that the employee responsible would be removed from their position.

Data privacy is crucial

Data privacy is a serious concern. In this case, thousands of students had their personal data exposed, making them vulnerable to malevolent individuals who could use the information to perform a variety of cyber crimes such as phishing.

Protect your organization

No organization is immune to data breaches, and the repercussions are wide-ranging. As well as facing financial penalties, organizations that suffer a data breach can lose customer trust – a consequence that Chicago Public Schools likely faces.

Organizations under the jurisdiction of the EU’s General Data Protection Regulation (GDPR) must work especially hard to protect their data and build stronger information security systems.

The GDPR, which came into effect on May 25, 2018, gives EU residents more control over how their personal data is collected and processed and places a range of new obligations and responsibilities on organizations to be more accountable for data privacy and protection.

All organizations in the EU that process personal data, and any non-EU organizations that offer goods and services to, or monitor the behavior of, EU residents must comply.

As the GDPR compliance deadline has passed, it is vital that organizations start their compliance journey as soon as possible, if they have not already done so.

IT Governance has the expertise to help you achieve GDPR compliance

IT Governance USA’s certified GDPR training courses can help your organization comply with the Regulation. Learn from experts how to meet the GDPR’s requirements, and gain a practical understanding of the tools and methods for implementing and managing an effective compliance framework.

Get GDPR training >>

Prepare your staff with information security training

Give your staff the training they need to avoid scenarios similar to the one in this article. Our staff awareness course provides your employees with a better understanding of information security risks and compliance requirements, thereby reducing your organization’s exposure to security threats. It teaches them about information security best practices to minimize preventable mistakes.

Learn more about our Information Security Staff Awareness eLearning Course>>