Illuminate Education Breach Notice
Public and Charter schools impacted, learn which ones, and what brands of software.
What occurred ?
Illuminate education was breached. The illumination breach occurred between December 28th and January 8th. The extent of the breach appears substantial. Additional information continues to come to light.
New York Schools Impacted. According to the NY Post, on May 31st the NYC department of education revealed that 820,000 public school students were impacted. The system is now banned.
What was Breached ?
Hackers were able to gain access to students’ names, birthdays and ethnicities, as well as their English-learner, disability and free-lunch statuses, sources said at the time. Previously the Post reported that Over 500 Schools and 2 Million students in public and charter schools are reported to be impacted. (NY Post)
Other States impacted: Yes. A link to NY and other states impacted click HERE
Actions and information:
The New York State Department of Education has issued a notification regarding Illuminate Education Breach. The New York The website recommends that affected schools issue a statement to include: ” Illuminate Education, an educational software company which products are used in our school district/charter school, has informed us that some databases containing potentially protected student information were subject to unauthorized access between December 28, 2021, and January 8, 2022.”
Steps you need to take
- Contact your current and prior schools attended
- Ask for verification if they used software from Illuminate (a full list of brands are below)
- See the list of schools here from the journal (provided for convenience, please check with your school directly)
What information or assistance does Illuminate Education provide ?
Based upon their website, there is no mention of the Breach under the news articles (as of this post). The most recent post is August 21, 2021. The breach occurred in December of 2021. Under resources there is a link to Illuminate Data and Privacy HERE
Brands Impacted:
Their website mentions; eduClimber, Key Data Systems, io education, SchoolCity, Alpine Achievement. Additionally Skedula, Pupil Path and IO Classroom are mentioned in the NY Post Article.
The company includes multiple brands listed here: https://www.illuminateed.com/about/our-story/
Other School data breaches:
This is not the first or only breach of school or student data.
- On November 22, 2021 tech crunch reported – SmarterSelect, a U.S.-based company that provides software for managing the application process for scholarships, exposed the personal data of thousands of applicants because of a misconfigured Google Cloud Storage bucket. According to the tech crunch article:
- The data included documents such as academic transcripts, resumes and invoices for approximately 1.2 million applications to funding programs, dated from November 2020 to September 21, 2021.
- One folder hosted on the public bucket hosted 23,000 spreadsheets and 8,000 ZIP files, according to UpGuard’s analysis.
- Another directory, which contained some 2.79 million files, included even more sensitive data on applicants. This includes student photos where required for application, financial documents such as Free Application for Federal Student Aid (FAFSA) forms that in some cases included full Social Security numbers, proof of COVID-19 vaccinations and descriptions of hardships.
- In 2019 as reported to the California attorney general – Active Network’s Blue Bear Software platform reported that unauthorized activity in its network earlier this year resulted in customer PII being exposed. We recently identified suspicious activity on the Blue Bear platform. Our investigation determined the activity related to Blue Bear webstore users between October 1, 2019 and November 13, 2019.
Learn about Cyber Liability Insurance – #broadfieldinsurance – 845-986-2211
PCF insurance