More than 25,000 people injured in Baltimore school attack

A ransomware attack on the Baltimore City Education System in February 2025 exposed the personal information of thousands of students, teachers, and staff. In total, more than 25,000 people were affected, including more than 1,150 students.

On February 13, 2025, the Baltimore City Education System was the victim of a cyberattack that compromised the schools’ IT infrastructure. Despite the failure to pay the ransom, an investigation revealed that cybercriminals gained access to confidential documents containing information about teachers, contractors, volunteers, and students. The compromised information included social security numbers, driver’s licenses, passports, call logs, attendance records, and medical records.

• The investigation is ongoing, but preliminary data points to the involvement of the Cloak group, which likely left a ransom note. It is known that 55% of the city’s education system employees were affected. In total, we are talking about more than 7,000 current teachers and all employees since 2010.
• This is not the first cyber incident in Baltimore – in 2020 the city was already the target of an attack, the damage from which exceeded $ 10 million. In 2019, City Hall was also attacked. Such cases are not isolated: in 2025 alone, at least 75 attacks on educational institutions in the United States were recorded.

Cybercrime is increasingly focused on the education sector, where large volumes of personal data are combined with weaker means of protection. The attack on Baltimore schools is further evidence that investments in the cybersecurity of educational institutions should be a priority. Baltimore has now implemented additional protections: EDR software, password resets, and two-year monitoring for victims.