Breach at Illuminate Education Impacts Student Data
Table of Contents
- By Steven
- Published: May 09, 2022
- Last Updated: May 09, 2022
A massive digital security breach at Illuminate Education has put students' sensitive information between the ages of 5 and 18 at risk. A recent probe reveals the personal information of more than a million students between kindergarten and grade 12 has been stolen from a database. The database was not encrypted. Colorado's District 70 in Pueblo County recently revealed the breach in a notification letter transmitted to parents and students.
What is the Hack all About?
Illuminate Education provides software for learning. The purpose of the educational software is to empower educators to better understand, monitor, and report on student attributes, class attendance, and other components of education. A hacking collective improperly accessed the company's systems. Hackers infiltrated the Irvine, CA-based company's system to steal information and tinker with internal controls relied upon by more than 5,000 schools and districts in each of the 50 states. Illuminate Education serves nearly 20 million students.
What is the Response to the Attack?
Officials in New York state have started a formal investigation into the data breach. Illuminate rakes in more than $120 million in yearly revenue, yet the company refused to comment on how it internally responded to the attack. Nor did Illuminate's public relations team give specifics as to the exact number of students and previous students who might soon become victims of identity theft after the attack.
Instead, Illuminate noted that its internal investigation is complete, and the schools with compromised data have been made aware of the situation. The schools served by Illuminate were provided with breach notifications shortly after the attack.
When did the Attack Occur?
The hack of Illuminate started in December. The company noted the data breach in early January. Though Illuminate deserves credit for relying on outside digital forensics specialists to perform an ensuing investigation, it took until March 4th to confirm that databases storing highly sensitive personal information pertaining to students was illegally accessed. The unauthorized access of the information occurred between December 28 and the first week of January 2022.
What Made Illuminate Aware of the Attack?
Illuminate's spokesperson notes that the company first suspected its internal systems were compromised when it suffered an extensive outage in early January. The outage led the company to conduct business offline for a period of time while it performed investigations. The digital forensics specialists who studied the attack noted that the company lacked the proper encryption for its database.
What Information was Stolen in the Attack?
The breach notifications sent to schools affected by the digital attack show all sorts of information was stolen in the breach. Students' names, ID numbers, class schedules, special education status, free lunch status, gender, date of birth, and scheduling information were exposed in the attack. Students in Colorado, New York, and several other states were hit especially hard.
Will Illuminate Education Face any Fallout from the Attack?
Illuminate's failure to add the proper digital security protections has created quite the public relations nightmare and might lead to a financial penalty. New York State is taking action, noting how third-party contractors that violate the state's law about data privacy are punishable by a penalty of $10 per student or $5,000 to $150,000 in fines.