Another School District Says Student Data Breached Within an Illuminate Education Product

Another school district has announced that student data stored on Illuminate Education software has been breached and said Illuminate is is mailing a letter to parents offering “complimentary” identity monitoring service for a year.

Coventry Public Schools in Connecticut posted a notice on its website this week, stating the Illuminate software it uses, eduClimber, had experienced a data breach. The notice does not specify when the breach occurred, but states that the district was “recently notified” of the data breach.

Coventry is the second district in the past month to acknowledge a data breach within school systems managed by Illuminate Education; three weeks ago, New York City public school administrators learned that a data breach had occurred during a January cyberattack on Illuminate’s systems — and that personal information of about 820,000 current and former students had been compromised.

A data breach affecting 820,000 students would make it the largest single-school data breach in U.S. history, cybersecurity expert Doug Levin of K12 Security Information Exchange told THE Journal last month.

The number of students whose personal data was compromised during the cyberattack could actually be much larger.

When Illuminate’s systems were hit in January, all of its school software products were knocked off-line for a week or more, according to its service status site; the company’s website states that its school solutions — including IO Classroom (previously named Skedula), PupilPath, EduClimber, IO Education, SchoolCity, and others — serve over 5,000 schools with a total enrollment of about 17 million U.S. students.

Illuminate Education told THE Journal last month via email that a data breach impacting NYC schools occurred during the January cyberattack, but the company declined to confirm how many students or districts beyond New York City’s were impacted. Illuminate did not respond to emails and phone calls seeking more information.

“We recently completed the investigation regarding unauthorized access of our systems and determined that some personal information was involved,” Illuminate Education said in an emailed statement. “We are in the process of notifying customers that may have been affected. There is no evidence of any fraudulent or illegal activity related to this incident. The security of the data we have in our care is one of our highest priorities, and we have already taken important steps to help prevent this from happening again. Please note that we do not store financial information or Social Security numbers on our systems so these types of information were not affected.”

Coventry Public Schools’ notice to parents, dated April 18, said “we are writing to inform you that one of our vendors experienced a data breach of an application which houses student data for Coventry Public Schools. Illuminate Education is an education company that provides applications and technology support to school districts, including eduCLIMBER which is used in our district. We were recently notified of an incident that may affect the security of some of your child's information. According to Illuminate Education, affected databases included names along with demographic and academic related information for some current and former students. We have been told there is no evidence that any information was subject to actual or attempted misuse.

“Coventry Public Schools is working in partnership with Illuminate Education to help support affected families with this incident. Affected families will be receiving a mailing from Illuminate Education offering those children complimentary access to 12 months of identity monitoring services through IDX. The letters will contain information on how to enroll if you elect to do so, along with additional information regarding data privacy.”

Coventry is a fraction of the size of the New York City school district, with about 1,650 students enrolled, according to the district website.

Yet, confirmation of another school data breach related to a cyber incident targeting Illuminate systems — and from a district using a different Illuminate product than the one that was the source of NYC’s breach — “suggests that maybe the Illuminate Education breach is bigger than New York City,” Levin said.

About the Author

Kristal Kuykendall is editor, 1105 Media Education Group. She can be reached at [email protected].


Featured

  •  classroom scene with students gathered around a laptop showing a virtual tour interface

    Discovery Education Announces Spring Lineup of Free Virtual Field Trips

    This Spring, Discovery Education is collaborating with partners such as Warner Bros., DC Comics, National Science Foundation, NBA, and more to present a series of free virtual field trips for K-12 students.

  • glowing padlock shape integrated into a network of interconnected neon-blue lines and digital nodes, set against a soft, blurred geometric background

    3 in 4 Administrators Expect a Security Incident to Impact Their School This Year

    In an annual survey from education identity platform Clever, 74% of administrators admitted that they believe a security incident is likely to impact their school system in the coming year. That's up from 71% who said the same last year.

  • horizontal stack of U.S. dollar bills breaking in half

    ED Abruptly Cancels ESSER Funding Extensions

    The Department of Education has moved to close the door on COVID relief funding for schools, declaring that "extending deadlines for COVID-related grants, which are in fact taxpayer funds, years after the COVID pandemic ended is not consistent with the Department’s priorities and thus not a worthwhile exercise of its discretion."

  • pattern of icons for math and reading, including a pi symbol, calculator, and open book

    HMH Launches Personalized Path Solution

    Adaptive learning company HMH has introduced HMH Personalized Path, a K-8 ELA and math product that combines intervention curriculum, adaptive practice, and assessment for students of all achievement levels.