Illuminate Data Breach Impacts More School Districts

A cyber-attack that compromised the personal data of hundreds of thousands of students in New York has affected additional students based in Colorado. 

The security incident occurred at California-based software company and New York City vendor Illuminate Education, which makes apps to track student grades and attendance. 

Cyber-criminals hacked into the company’s network, gaining access to databases containing student data, some of which they exfiltrated. 

In March, New York City’s Department of Education announced that the attack had exposed the names, birthdates, ethnicities, home languages and student ID numbers of 820,000 current and former New York City public school students.

According to recent reports by 9News and KOAA, the intrusion at Illuminate has also impacted school districts in Colorado, including Douglas County, Mesa County Valley School District 51, District 12 and District 70.

On Tuesday, parents of District 70 students received a letter advising them that their children’s data may have been compromised.

“On January 8 2022, Illuminate Education became aware of suspicious activity in a set of isolated applications within their programs. They immediately too steps to secure the affected applications and launched an investigation with external forensic specialists to determine the nature and scope of the activity,” states the letter.

The investigation determined on March 24 that unauthorized access to “certain databases, containing potentially protected student information” had taken place between December 28 2021 and January 8 2022. 

District 70 parents were told that while no child’s Social Security number was impacted by the breach, other data, including name, birth date, school of enrollment, student ID and gender had been compromised. 

A similar letter was sent to the parents of District 12 students on April 29. Both District 12 and 70 have withdrawn all their students’ data from Illuminate Education and have stated that they will not engage the services of the company in the future. 

Mesa County Valley School District 51, which used Illuminate Education’s assessment, progress monitoring and screening tool, Educlimber, said the databases accessed in the breach may have contained students’ academic and behavior information and accommodation information. 

Illuminate is offering impacted individuals 12 months of complimentary identity monitoring services.

What’s Hot on Infosecurity Magazine?