EdisonLearning faced a significant cybersecurity challenge when it fell victim to a ransomware attack, compromising the personal data, including names and Social Security numbers, of individuals. Recently, ClassAction.org has initiated an inquiry into the possibility of a class-action lawsuit against EdisonLearning on behalf of those affected. The breach came to light in April 2023 when the Royal ransomware gang threatened to expose 20GB of stolen data on its dark web leak site. EdisonLearning confirmed the breach in May 2023, and last week, the company’s data breach notification, dated February 21, 2024, was posted on the Vermont Attorney General’s website.
The notification reveals that EdisonLearning detected suspicious activity within its systems on March 17, 2023, leading to an immediate response to secure the systems and launch an investigation. The unauthorized actor had access to certain computer systems between March 7, 2023, and March 17, 2023, downloading specific files. While the notice redacts the types of breached information, ClassAction.org suggests it may include names and Social Security numbers. EdisonLearning, however, claims there is no evidence of actual misuse of this information as a result of the breach. The company has been diligent in its investigation and has implemented new internal security protocols. EdisonLearning Director of Communications, Michael Serpe, affirmed that only corporate-related data, not student information, was impacted. As investigations continue, individuals impacted by the breach are urged to contact ClassAction.org
