Data Breach Of School Kids' Information Investigated In CA

RIVERSIDE COUNTY, CA — A company that provides technology and applications to schools — including some in Riverside County — has alerted campus officials that certain of its databases containing protected student information were breached.

According to a May 27 letter from Irvine-based Illuminate Education that went out to affected schools and districts, on January 8 Illuminate Education became aware of the suspicious activity "in a set of isolated applications within our environment."

"We immediately took steps to secure the affected applications and launched an investigation with external forensic specialists to determine the nature and scope of the activity. On March 24, 2022, our investigation confirmed that certain databases containing potentially protected student information were subject to unauthorized access between December 28, 2021, and January 8, 2022," the letter signed by Illuminate Education Chief Product Officer Scott Virkler said.

In early April, the company began notifying schools and districts about the breach, and on Friday the correspondence went out notifying those confirmed to be affected, according to the letter that is filed with state Attorney General Rob Bonta's office.

While several schools in Riverside County use Illuminate Education products, only those using the company's Data Driven Classroom and/or IO Assessment applications and/or its IO Admin tool are affected, according to Illuminate Education Chief Marketing Officer Jane Snyder.

Snyder declined to provide a list of schools directly impacted but said, "the vast majority of Illuminate customers were not affected."

In an emailed statement, she wrote: "We recently completed the investigation regarding unauthorized access of our systems and determined that some personal information was involved. We are in the process of notifying all customers that were affected and are working closely with customers to notify individuals who may be affected. The security of the data we have in our care is one of our highest priorities, and we have already taken important steps to help prevent this from happening again."

According to Virkler's letter, the affected databases may have contained names and other personal data, but Social Security numbers and financial information "were not at risk" as a result of the breach.

"Although we have no evidence that any information was subject to actual or attempted misuse, we are providing you with this notice out of an abundance of caution," the letter stated.

The company is encouraging those impacted "to remain vigilant against incidents of identity theft and fraud" by reviewing account statements and monitoring free credit reports for suspicious activity.

Illuminate Education provides a suite of products for schools and districts that provide "whole child data" and actionable insights.