![]() No specific data from students’ individual education plans, financial information or social security numbers were accessed, according to the DOE. Illuminate said not all information stored in PupilPath and Skedula was compromised, according to the Education Department. I wasn’t expecting it so young.”Ī cybersecurity expert said student data is more valuable to hackers because young people are not on the lookout for identity theft. “I have a family member who went through identity theft and it was horrible trying to correct … we’re going to have to monitor his credit. That’s a big concern for Cynthia McKnight, the parent of a teenager at the Brooklyn Latin School who uses PupilPath for his grades. “It is absolutely the case that criminals can open accounts for minors, and damage their creditworthiness even before they get out of elementary school,” he said. Personal data belonging to kids is especially valuable on the dark web because kids are less likely than adults to be monitoring for identity theft or credit fraud, Levin added. Levin said outside vendors like Illuminate that contract with schools have been the targets of an increasing number of cyberattacks - and don’t always have adequate security measures in place. State law requires that “encryption … must be in place when data is stored or transferred.” There is no evidence of any fraudulent or illegal activity related to this incident.”Ī DOE spokesman said Illuminate previously certified as part of a data privacy and security agreement that it was encrypting all of its personal student data, but admitted in conversations with the DOE following the hack that the compromised data was not encrypted, education officials said. We are in the process of notifying customers that may have been affected. ![]() Illuminate said in a statement that its investigation into “unauthorized access of our systems” found that “some personal information was involved. The data breach raises a host of new privacy questions for families and city schools.ĭOE officials said Illuminate has not disclosed any information about what, if anything, the hackers had done with the personal data, or whether the company paid a ransom. I certainly think it would be appropriate credit monitoring would be offered to victims,” said Levin. “Certainly date of birth, names, that is sufficient to worry about that being obtained by criminal actors. Illuminate will likely sponsor a credit-monitoring service for affected students, who may now be vulnerable to identity theft, education officials said. In the coming weeks, the DOE said it will work with Illuminate to send the families of each of the roughly 820,000 students affected by the breach an individualized letter explaining what specific data was compromised. “We will not tolerate bad actors in this city and plan to hold Illuminate fully accountable for not providing our students with the security and timely notification the company promised.” “This is completely unacceptable, and why we’ve asked the NYSED to investigate Illuminate’s compliance with state law,” Adams said. That Illuminate waited two months to formally notify the city of the breach “shows the company has been more concerned with protecting itself than protecting our students,” Adams said in a statement. ![]() “We understand how important it is that families can trust that their child’s data is protected, and we are exploring options to hold Illuminate accountable for violating that trust,” Styer added. Styer said the DOE asked the NYPD, FBI and New York Attorney General to investigate the initial hack, and requested that the state Education Department look into Illuminate’s compliance with student data privacy laws. ![]() “We are outraged that Illuminate represented to us and schools that legally required industry-standard critical safeguards were in place when they were not,” he said. Illuminate didn’t break down how many students were affected by each category of data breach, other than disclosing that the hackers accessed economic status information for 15,000 students.ĭOE spokesman Nathaniel Styer blasted Illuminate for allegedly fudging its cybersecurity protocols - and promised follow-up for families and schools.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |