The files contained personal information such as background checks and employee ID numbers of tens of thousands of CPS workers.
CPS experienced another data breach a few months ago when the district accidentally sent around thousands of families' personal information in an email.
A former IT worker for Chicago Public Schools (CPS) allegedly stole the personal information of about 70,000 people from files that should have been secured.
Kristi Sims was charged on Friday with one count of aggravated computer tampering and four counts of identity theft, reports CBS Chicago.
Sims, 28, was fired from the district’s Office of Safety and Security. Police believe she stole the files in retaliation for getting fired.
Sims was terminated from her role for performance issues, according to Assistant State’s Attorney Tom Simpson. She was originally hired to help organize the board of education’s cloud accounts and conduct background checks on employees, reports the Chicago Sun Times.
Once fired, prosecutors say Sims remotely accessed the information from a cloud before CPS administrators could shut her out of the system.
The files contained sensitive information such as phone numbers, criminal arrest histories and DCF findings from as many as 70,000 CPS employees, volunteers and vendors.
Authorities discovered the data breach on Oct. 31 and Sims was arrested later that night. CPS Chief Operating Officer Arnie Rivera confirmed that Social Security numbers were not taken.
“There was no indication that the information, which was in the individual’s possession for approximately 24 hours, was used or disseminated to anyone in any way,” Rivera said.
Police analyzed the digital equipment Sims used and a search warrant has been requested to search her email account.
Matthew Feilen, a digital forensics expert, says it was possible for the data to be compressed into a portable file in a matter of seconds.
“You can attach it to an email such as Gmail or a Dropbox account,” Feilen said. “It’s very easy.”
The Chicago teachers Union expressed their disbelief in the alleged identity theft.
“We’re troubled by yet another data breach by CPS – incredibly, this time, in the CPS Office of Safety and Security, which seems to be neither safe nor secure,” a statement said. “This latest breach suggests that CPS has put scant protections in place.”
Only a few months ago, CPS experienced another data breach when the school district mistakenly sent a mass email attached with a spreadsheet containing private information 3,700 students and families.
Sims had a court hearing on Friday was released on bond. She was ordered not to access the Internet during the ongoing investigation.
