Another School District Says Student Data Breached Within an Illuminate Education Product

  • By Kristal Kuykendall
  • 04/21/22

Another school district has announced that student data stored on Illuminate Education software has been breached and said Illuminate is is mailing a letter to parents offering “complimentary” identity monitoring service for a year.

Coventry Public Schools in Connecticut posted a notice on its website this week, stating the Illuminate software it uses, eduClimber, had experienced a data breach. The notice does not specify when the breach occurred, but states that the district was “recently notified” of the data breach.

Coventry is the second district in the past month to acknowledge a data breach within school systems managed by Illuminate Education; three weeks ago, New York City public school administrators learned that a data breach had occurred during a January cyberattack on Illuminate’s systems — and that personal information of about 820,000 current and former students had been compromised.

A data breach affecting 820,000 students would make it the largest single-school data breach in U.S. history, cybersecurity expert Doug Levin of K12 Security Information Exchange told THE Journal last month.

The number of students whose personal data was compromised during the cyberattack could actually be much larger.

When Illuminate’s systems were hit in January, all of its school software products were knocked off-line for a week or more, according to its service status site; the company’s website states that its school solutions — including IO Classroom (previously named Skedula), PupilPath, EduClimber, IO Education, SchoolCity, and others — serve over 5,000 schools with a total enrollment of about 17 million U.S. students.

Illuminate Education told THE Journal last month via email that a data breach impacting NYC schools occurred during the January cyberattack, but the company declined to confirm how many students or districts beyond New York City’s were impacted. Illuminate did not respond to emails and phone calls seeking more information.

“We recently completed the investigation regarding unauthorized access of our systems and determined that some personal information was involved,” Illuminate Education said in an emailed statement. “We are in the process of notifying customers that may have been affected. There is no evidence of any fraudulent or illegal activity related to this incident. The security of the data we have in our care is one of our highest priorities, and we have already taken important steps to help prevent this from happening again. Please note that we do not store financial information or Social Security numbers on our systems so these types of information were not affected.”

Coventry Public Schools’ notice to parents, dated April 18, said “we are writing to inform you that one of our vendors experienced a data breach of an application which houses student data for Coventry Public Schools. Illuminate Education is an education company that provides applications and technology support to school districts, including eduCLIMBER which is used in our district. We were recently notified of an incident that may affect the security of some of your child's information. According to Illuminate Education, affected databases included names along with demographic and academic related information for some current and former students. We have been told there is no evidence that any information was subject to actual or attempted misuse.

“Coventry Public Schools is working in partnership with Illuminate Education to help support affected families with this incident. Affected families will be receiving a mailing from Illuminate Education offering those children complimentary access to 12 months of identity monitoring services through IDX. The letters will contain information on how to enroll if you elect to do so, along with additional information regarding data privacy.”

Coventry is a fraction of the size of the New York City school district, with about 1,650 students enrolled, according to the district website.

Yet, confirmation of another school data breach related to a cyber incident targeting Illuminate systems — and from a district using a different Illuminate product than the one that was the source of NYC’s breach — “suggests that maybe the Illuminate Education breach is bigger than New York City,” Levin said.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].


Featured

  • computer monitor displaying an open book on screen

    Discovery Education Expands DreamBox Reading to Support PreK-5 Learners

    Ed tech provider Discovery Education has announced the latest enhancements to its DreamBox Reading adaptive literacy program, which now offers personalized instruction for grades PreK-5.

  • stylized illustration of a desktop, laptop, tablet, and smartphone all displaying an orange AI icon

    Survey: AI Shifting from Cloud to PCs

    A recent Intel-commissioned report identifies a significant shift in AI adoption, moving away from the cloud and closer to the user. Businesses are increasingly turning to the specialized hardware of AI PCs, the survey found, recognizing their potential not just for productivity gains, but for revolutionizing IT efficiency, fortifying data security, and delivering a compelling return on investment by bringing AI capabilities directly to the edge.

  • digital dashboard featuring a shield icon, graphs, a world map, and network nodes

    IBM Launches Agentic AI Governance and Security Platform

    IBM has introduced a new software stack for enterprise IT teams tasked with managing the complex governance and security challenges posed by autonomous AI systems.

  • silhouette speaking toward a screen displaying a microphone icon and sound waveforms

    Amplify Launches Custom AI-Powered Automatic Speech Recognition System

    Curriculum and assessment company Amplify has introduced a custom Automatic Speech Recognition (ASR) system to support its instructional products.