Personal Data of 820,000 NYC Students Exposed

A widely used online grading and attendance system have been hacked, causing what could be the largest ever exposure of students’ personal data in American history. 

Cyber-criminals broke into the IT systems of Illuminate Education in January, gaining access to a database containing the personal data of around 820,000 current and former New York City public school students. 

Illuminate Education is a taxpayer-funded software company based in California. The company created the popular IO Classroom, Skedula, and PupilPath platforms, used by New York City’s Department of Education to track grades and attendance.  

The hack, which involved information dating back to the 2016-17 school year, was announced by the Department on Friday. Data compromised in the incident included students’ names, birthdates, ethnicities, home languages, and student ID numbers.

The Department said that the attackers had exfiltrated class and teacher schedules and data regarding which students received free lunches or special education services.

K12 Security Information Exchange has tracked cyber-attacks targeting schools and education platforms since 2016. The group’s national director, Doug Levin, said: “I can’t think of another school district that has had a student data breach of that magnitude stemming from one incident.”

Illuminate’s grading and attendance platform was shut down for weeks after the hack was detected, causing disruption to city schools. The company waited two months to formally notify the city of the breach. Read more:

Leave a Reply

Your email address will not be published. Required fields are marked *