HUDSON VALLEY, NY — Parents in the Hudson Valley are only beginning to find out now that a nationwide data breach of public school children’s sensitive personal data has affected their families.
Parents in the region, including in New Rochelle, received letters from Illuminate Education this week, alerting them that their child’s personal information may have been exposed in a widespread data breach. Along with understandable confusion, anger and even fear, the unexpected news, that in some cases came with little or no forewarning from school district officials, sparked some concern that the families were being tagged as part of an elaborate phishing con.
Many parents in our area admitted they assumed the letter from Illuminate was just a scam and tossed it out. Other parents quickly noticed that this was the same company involved in the massive data breach in NYC public schools affecting 820,000 students. That scandal resulted in the NYC Board of Education banning the company’s education products at the end of this school year.
According to state data, 1.9 million New York State students were impacted by the incident as of early May, including charter school students.
The full list of all schools known to be impacted by the Illuminate data breach so far can be found here.
Hudson Valley schools/districts included:
- Ardsley Middle School (Southern Westchester BOCES)
- Ardsley High School (Southern Westchester BOCES)
- Brewster Central Schools
- Briarcliff Manor Union Free School District
- Byram Hills Central School District
- Croton-Harmon Union Free School District
- Greenburgh Central School District
- Greenburgh Eleven Union Free School District
- Mamaroneck Union Free School District
- New Rochelle City School District
- Peekskill City School District
- Poughkeepsie City School District
Illuminate Education, a company that provides technology and applications to schools, alerted school officials across the country in early April that some of its databases containing protected student information were breached.
However, it seems that many schools had not yet informed parents that their children’s personal information was involved in the Illuminate data breach — the first they heard of it was in the letters the California-based company recently began sending out to those in our area who were confirmed to have been affected.
A sample letter can be seen here.
“On January 8, 2022, Illuminate Education became aware of suspicious activity in a set of isolated applications within our environment. We immediately took steps to secure the affected applications and launched an investigation with external forensic specialists to determine the nature and scope of the activity. On March 24, 2022, our investigation confirmed that certain databases containing potentially protected student information were subject to unauthorized access between December 28, 2021, and January 8, 2022,” the letter from Illuminate Education Chief Product Officer Scott Virkler said.
While several schools use Illuminate Education products, only those using the company’s Data Driven Classroom, IO Assessment applications or its IO Admin tool are affected, according to Illuminate Education’s Chief Marketing Officer Jane Snyder.
Snyder added that the “the vast majority of Illuminate customers were not affected.”
In a statement emailed to Patch’s Toni McAllister last month, Snyder wrote: “We recently completed the investigation regarding unauthorized access of our systems and determined that some personal information was involved. We are in the process of notifying all customers that were affected and are working closely with customers to notify individuals who may be affected. The security of the data we have in our care is one of our highest priorities, and we have already taken important steps to help prevent this from happening again.”
According to Virkler’s letter, the affected databases may have contained names and other personal data, but “Social Security numbers and financial information were not at risk as a result of this event.”
“Although we have no evidence that any information was subject to actual or attempted misuse, we are providing you with this notice out of an abundance of caution,” the letter stated.
The company is encouraging those impacted “to remain vigilant against incidents of identity theft and fraud” by reviewing account statements and monitoring free credit reports for suspicious activity to detect potential errors.
Illuminate said that as an added protection, they are offering complimentary access to 1 year of credit and identity monitoring services through IDX and encouraged those affected to enroll in these services.
For additional information or questions, you can contact Illuminate Education on their dedicated assistance line at 833-749-1673, Mon. – Fri., from 9 a.m. – 9 p.m.
Original Source link