Hackers breached the IT systems of Illuminate Education in January, gaining access to the personal data of around 820,000 current and former New York City public school students.
Illuminate Education is a taxpayer funded software based in California. It is best known for creating the widely-used IO classroom,Skedula and PupilPath platforms, current used by New York City’s Department of Education to log attendance and grades.
The Department announced the hack on Friday, revealing that information dating back to the 2016-17 school year was exposed.
Compromised data included students’ names, birthdates, ethnicities, home languages and student ID numbers.
It has also been revealed that attackers exfiltrated class and teacher schedules, alongside data regarding which student received free lunches or special education services.
Doug Levin, The national director of K12 Security Information Exchange, a group that has tracked cyber-attacks targeting schools and education platforms since 2016, said: “I can’t think of another school district that has had a student data breach of that magnitude stemming from one incident.”
