On May 6, the NY Post revealed that about two million students in NY State alone may have had their privacy violated by the massive Illuminate data breach; students in CT and CO were also affected.
This is an update from reporting in The Journal, based on FOILed records from NYSED that found at least one million students affected, across 24 school districts and 18 charter schools in New York, plus one Board of Cooperative Educational Service .
The NY State Education Dept. and the NYC DOE need to do a far better job protected personal student data and complying with the NY State Student privacy law 2D, which was passed in 2014, and to minimize the sharing of student data, ensuring strict security standards including encryption, and requiring that vendors delete it as soon as possible and at the very least when students graduate, none of which happened here.
Illuminate has reported that the hackers accessed a ” database storing some information in unencrypted format “, according to the The Record news site, and that the data may have included student and parent names, email addresses, grades, attendance, birth dates, ID numbers, genders, race and ethnicity, languages spoken at home, Title I and disability status and more. Data from the records of students in Colorado and Connecticut may also have breached.
Last weekend, Leonie Haimson, co-chair of the Parent Coalition for Student Privacy and Doug Levin, Co-Founder and National Director, K12 Security Information Exchange and a national expert on student data breaches, gave presentations at the Network for Public Education national conference in Philadelphia, in which we discussed the Illuminate Breach and the how districts and schools can better protect the privacy of their students and teachers.
Below are the videos of the this session, separated into Part I and Part II, along with questions and comments from the audience, and their power point presentations.