A major data breach has exposed sensitive personal information of students, raising significant concerns about data security practices. Gabrielle Harper filed a class action complaint on April 4, 2025, in the United States District Court for the Northern District of Illinois against Cleo Communications, Inc., alleging negligence and other violations. The case underscores the critical importance of robust cybersecurity measures to protect personally identifiable information (PII).
Gabrielle Harper's lawsuit claims that Cleo Communications failed to secure PII adequately, leading to unauthorized access by cybercriminals. This breach impacted Chicago Public Schools, exposing student names, birth dates, gender, and Medicaid ID numbers. Harper argues that Cleo's failure to implement basic security procedures resulted in this exposure. The plaintiff alleges that despite Cleo's claims of commitment to data privacy and security, vulnerabilities in their file transfer software were exploited twice—first in October 2024 and again in December 2024—by the CLOP Ransomware Gang.
Cleo Communications is accused of failing to comply with industry standards and federal guidelines for data protection. The complaint cites violations of the Federal Trade Commission Act for not using reasonable measures to protect consumer data. Harper seeks damages for negligence, negligence per se, unjust enrichment, and violations of the Illinois Consumer Fraud and Deceptive Business Practices Act. The plaintiff demands injunctive relief requiring Cleo to adopt adequate security protocols and compensatory damages for affected individuals who now face increased risks of identity theft.
The legal team representing Gabrielle Harper includes Joseph P. Guglielmo from Scott+Scott Attorneys at Law LLP. The case is presided over by judges from the Northern District of Illinois under Case ID 1:25-cv-03666.