Boulder Valley School District Students Notified Of Data Breach

BOULDER COUNTY, CO — Boulder Valley School District officials are warning of a software data breach that may have impacted former and current students. This month, district officials learned that an unauthorized third party gained access to Pearson’s AIMSweb 1.0 system in late 2018, and students' full names and date of birth may have been exposed, officials said.

Pearson became aware of the breach, which has impacted more than 13,000 schools and universities across the United States, in mid-March, local district officials said. The Federal Bureau of Investigation is investigating the breach and, to date, Pearson said it does not have any evidence that this information has been misused.

Pearson is best known as a publisher of print and digital textbooks, but the company also develops education-related software. BVSD used Aimsweb 1.0 to track progress, inform instruction and provide updates to parents. No other Pearson products appear to be impacted by the breach, local officials said.

(Stay up-to-date on Boulder news with Boulder Patch! There are many ways for you to connect and stay in touch: Free Newsletters and Email Alerts | Facebook)

The district conducted an independent review and found no additional data sources were at risk, the district said.

The school district continues to be in compliance with the Colorado Student Data and Transparency Act and remains vigilant in protecting student data, officials said.

“BVSD takes the safety and security of our students extremely seriously,” Chief Information Officer Andrew Moore and Superintendent Rob Anderson said in a joint letter to students in the district. “We will continue to work with Pearson and other vendors to ensure everything possible is done to protect the privacy of student data.”

The district is currently working to notify individuals directly impacted by the breach by mail, officials said. Families should receive a letter by August 30 if they are affected.

"Pearson Clinical Assessments notified affected customers of unauthorized access to approximately 13,000 school and university AIMSweb 1.0 accounts. The exposed data was isolated to first name, last name, and in some instances may include date of birth and/or email address," said Pearson spokesman Scott Overland. "Protecting our customers’ information is of critical importance to us. We have strict data protections in place and have reviewed this incident, found and fixed the vulnerability."

Families impacted will have access to a credit monitoring service through Experian. Pearson is paying for the expense of notifying families and the credit monitoring.

"While we have no evidence that this information has been misused, we have notified the affected customers as a precaution," Overland said. "We apologize to those affected and are offering complimentary credit monitoring services as a precautionary measure."