Baltimore City Schools CEO Dr. Sonja Santelises told the Board of School Commissioners on April 22 that the district suffered a computer network breach in February that may have compromised documents belonging to some current, former and prospective employees, volunteers and contractors, and files tied to fewer than 1.5% of students — about 1,000 of roughly 75,000 enrolled.

The confirmation followed an investigation the district said it carried out with law enforcement and external cybersecurity consultants. "We immediately notified law enforcement, conducted an initial investigation, and secured our operational systems," Santelises said during her remarks.

The district said it is notifying impacted individuals by U.S. Mail starting today, will post general information on its website and social channels, and will notify staff. Those who receive notices will be offered complimentary credit monitoring and identity-theft mitigation services; the district is also establishing a call center to help affected people enroll in those services.

Santelises described operational steps already taken: resetting all user passwords and installing endpoint detection and response software. The district said a forensic audit is under way and that it will continue to assess procedures "for ways to defend against evolving cybersecurity threats." "Since then, we have been investigating with the help of external cybersecurity experts to determine who was impacted and what data was compromised," she said.

District officials emphasized they are still determining precisely which data elements were accessed and urged recipients of notification letters to keep them because they will include specifics and next steps. The district said the breach affected "files that were related to less than 1.5% of all of our students," and repeated that figure in board comments.

Asked about immediate protections, Santelises said the district had begun providing credit monitoring and dark‑web monitoring to impacted people, and that the district would continue to coordinate with law enforcement and outside experts.

The board did not take formal action; the announcement was presented as part of the CEO comments portion of the meeting. Santelises closed the item by acknowledging the disruption and underscoring that the district will continue to notify and support impacted individuals.

For now, officials say notifications are being mailed and a call center is being stood up to answer individual questions; the district executed password resets and installed additional endpoint detection software while the forensic review continues.