After a digital education network used by dozens of city schools revealed hackers acquired access to confidential information of 820,000 present and former classmates during a January breach, the mayor of New York City and several education officials expressed strong outrage.
The incident occurred in January, according to the city's Department of Education, when an internet grading system and attendance system utilized by many public schools was hijacked.
Hackers might have gotten names, nationalities, birthdays, first languages, and student ID numbers from those platforms, as well as sensitive data including whether children used special education or free lunch programs.
The hack affected both present and former public school pupils dating back to the 2016-17 scholastic year.
Officials from the California-based firm behind the system, Illuminate Education, have lambasted it for allegedly falsifying its cybersecurity measures. The corporation hasn't said what, if anything, was done with the information. The Department of Education has requested the NYPD, FBI, and state attorney general examine the incident.
The regional director of K12 Security Information Exchange, Doug Levin, told the New York Daily News, "It can't remember of another school system which has had a student data leak of magnitude originating from one occurrence."
The DOE said it will work with Illuminate in the coming weeks to send individualized letters to the families of each of the roughly 820,000 kids affected by the hack, detailing what data was exposed. According to school officials, Illuminate will likely fund a credit-monitoring program for affected kids, and will now be vulnerable to identity theft.
Chancellor of the New York City Schools, David Banks, has asked for a probe of Illuminate Education's cybersecurity safeguards, pushing the state's education agency to inquire into it.