Two years after an initial data breach report, New York City Public Schools (NYCPS) has discovered that additional students were impacted by a cybersecurity incident involving Illuminate Education. Originally, the breach was reported to have affected about 800,000 students, but recent findings indicated that more students had their data compromised. The breach was first brought to light by Illuminate Education in October of the previous year, revealing extended impacts of the 2022 incident. In response, NYCPS sent out letters to the newly identified victims, including one specifically mentioned student, to notify them of the breach and the steps being taken to secure their information.
Following the revelation of the breach, NYCPS officials have taken significant measures to enhance their cybersecurity infrastructure and tighten protocols around data access and contractor compliance. They have emphasized their commitment to student privacy and have established a comprehensive security compliance process. This process is aimed at ensuring that all vendors handling student information adhere to strict federal, state, and local laws to protect sensitive data effectively. Additionally, the school system has refined its policies to prevent the use of any software products involving vendors that access student information unless these vendors have fully complied with the district’s rigorous security standards.
In the aftermath of the breach, NYCPS is offering two years of free credit and identity-monitoring services to those affected to help protect them from potential identity theft and other issues stemming from the breach. The offer requires affected individuals to enroll and activate the services themselves, with a deadline set for July 30, 2024. This initiative is part of a broader effort by NYCPS to mitigate the damage and provide reassurance to students and parents concerned about the privacy and security of their personal information.
This incident is among several cyber attacks targeting city public-school students and employees, highlighting a broader trend of educational institutions being attractive targets for hackers. In another instance last summer, a hack affected 45,000 students, school workers, and service providers, compromising sensitive information including Social Security numbers. These consecutive security breaches have prompted significant changes within the DOE’s technology leadership and have led to a renewed focus on strengthening cybersecurity measures across the district. The DOE remains committed to safeguarding the data and well-being of all its students and staff as a top priority.
