Illuminate Education Settles for $5.1 Million Over Data Breach

Source: Wikipedia/Blogtrepreneur, CC BY 2.0, via Wikimedia Commons

New York Attorney General Letitia James, together with counterparts from California and Connecticut, has secured a $5.1 million settlement from Illuminate Education, Inc. The company, which provides software that tracks students' academic progress, faced a data breach that exposed personal information, including the records of 1.7 million students in New York.

Attorney General James stated, "Students, parents, and teachers should be able to trust that their schools’ online platforms are safe and secure." According to findings by the Office of the Attorney General (OAG) and the New York State Education Department (NYSED), Illuminate Education, Inc. did not implement certain basic security measures, including encrypting student data and monitoring for suspicious activity on its platforms, as reported by the Attorney General's office.

The settlement emphasizes the need for strong data security in the education technology sector. In a press release, California Attorney General Rob Bonta stated, "Illuminate failed to appropriately safeguard the data of school children, resulting in a data breach that compromised the sensitive data of students nationwide, including more than 434,000 California students." Connecticut Attorney General William Tong noted that the settlement is the first under the state's Student Data Privacy Law and highlighted the responsibility of education technology companies to protect children’s information.

In December 2021, the breach was traced to an ex-employee’s old login credentials. Using these credentials, hackers accessed the personal information of approximately 1.7 million New York students, including names, birth dates, and student IDs, from around 750 schools. The investigation found that Illuminate Education had not encrypted student data and had not restricted account access.

As part of the settlement, Illuminate Education is required to enhance its cybersecurity measures. This includes establishing a comprehensive information security program and implementing access controls and encryption for student data. The company must also provide schools with annual reports on the student data being collected, including the opportunity to request deletion of outdated records. Oversight of these measures is being conducted by Senior Enforcement Counsel Jordan Adler and Deputy Bureau Chief Clark Russell of New York's Bureau of Internet and Technology.

Bronx/ New York City-

Explore Our Cities & Metro Areas (A-Z)

Illuminate Education Settles for $5.1 Million Over Data Breach Affecting Millions of Students in New York, California, and Connecticut

Trending in New York City

National

FBI Crushes National Predator Ring; 205 Arrested, 115 Children Saved in LA, SF, DC, Chicago, & NY

Yes, That Earthquake Was Real — And No, It Wasn't the Big One (But the USGS Did Downgrade It)

Midjourney, the AI Image Generator, Now Wants to See Your Organs at Its Multistory Union Square Spa

EXCLUSIVE: Secretive Billionaire Owner of Anchor Brewing Just Officially Registered a Name at the Iconic SF Brewery

'Major' Rodent Infestation Cited at Balboa Cafe; Newsom-Linked SF Institution Has Just 1 Week

Bay Area's Oliver Tree Killed When Two Helicopters Smashed Into Each Other Above Rio de Janeiro

Floyd Mayweather Charged With Felony Theft Over $200K Watch Bought With a Bounced Check

Tom Steyer’s Odds for CA Governor Surged from 7% to 69% on Polymarket. Here’s why.

Aldon Smith, Dominant 49ers Pass Rusher Whose Story Stayed Unfinished, Dies at 36

U.S. Navy Commander Charged With Child Sex Crimes in St. Johns County and Arrested at Naval Station Mayport