Roughly 1 Million students in New York City have reportedly been notified by the state's Department of Education that their data may have been compromised after a former software vendor of the DOE suffered a major data breach.
According to a letter sent to one graduate and seen by sources, the New York City Department of Education started notifying hundreds of thousands of other current and former students last week that they were victims of the cyberattack involving one of the DOE's former software vendors.
(Photo: Mika Baumeister from Unsplash)
The DOE later disclosed that, in addition to the initial notice of almost 800,000 impacted current and former pupils, the vendor had alerted it in October that a much larger number of youngsters had also been victims, bringing in an extra 380,000 pupils for city public schools.
According to the DOE letter, the compromised personal data include ethnicity, date of birth, student's name, academic records, and enrollment status.
Education officials stated that no financial or social security information was compromised. To help prevent identity theft, the DOE said that it is providing the affected students, who graduated from the program years before the security breach, with two years of free credit and identity-monitoring services through vendor IDX.
More Data Breach Warnings to Come
The recent letter sent to affected current and former students provides a link to an updated security alert on the DOE website.
The notice states that in 2022, some 387,000 current and past NYCPS students were newly identified as being affected by Illuminate's data security problem. According to a DOE representative, it's more like 381,000.
According to the DOE, 94,000 more current and past public school kids will also receive a second warning after Illuminate discovered more of their data that was impacted by the 2022 data security incident.
Illuminate Data Breach
The affected students are linked to the 2022 data breach on Illuminate, a former software vendor to several NYCPS schools that offer educational software applications and technology support.
Before June 30, 2022, several NYCPS schools used Illuminate software to track student attendance, record homework and grades, correspond with parents, administer tests and exams, and assist with other administrative tasks.
Illuminate discovered questionable behavior in a few of their apps in January 2022. Illuminate informed NYCPS in March 2022 that illegal access had occurred to certain systems, including student data, between December 28, 2021, and January 8, 2022.
NYCPS contacted current and former students who Illuminate determined were impacted by this incident in May 2022. NYCPS made complimentary two-year enrollment in identity monitoring services available to impacted kids.
A separate hack attack last summer compromised the Social Security numbers, dates of birth, employee IDs, and OSIS numbers of 45,000 students, staff members, and service providers.
In a letter to staff at the time, the DOE stated that 9,000 Social Security numbers were stolen and that 19,000 documents were accessed from the file-sharing system MOVEIt.
Related Article: Microsoft Data Breach Compromised Other US Agencies, Claims CISA
(Photo: Tech Times)