While the financial regulator protected the interests of investors, nothing was done to make up for the violation of the students' personal data.įor the data leaked in the Illuminate breach, it is already too late.
In 2021, the SEC charged edtech company Pearson for lying to investors about a data breach that leaked the birthdates and email addresses of millions of students. The federal government has shown itself to be more willing to protect investors than students.
Health data managed by schools is protected by FERPA, but that student data protection law does not apply to edtech companies either. Even though some of the data could be considered personal health information, like disability status, HIPAA does not apply since edtech companies are not covered by that law. The Pledge said that the FTC could hold companies accountable for failures of student data privacy, but the FTC has not enforced the Pledge even once despite repeated failures of edtech privacy and security practices. Illuminate signed on to the Pledge, and yet it clearly did not take its data security duties seriously enough.
While impressive, a pledge by the industry itself means little without regulatory standards and enforcement. The edtech industry is not against increased regulation in 2014 many edtech service providers signed on to the Student Privacy Pledge, promising to maintain a certain standard of security for student data. Past disciplinary problems can affect future education or career prospects, and information about migrant status can be used for discriminatory or harassment purposes by private individuals or immigration enforcement. However, information like migrant status and disciplinary record can still have significant consequences when exposed to the public. Most of the leaked data is not the most sensitive kind that schools collect: names and grades as opposed to financial or health records.
#Illuminate education icon free
Without strict regulation, edtech companies are free to collect just about whatever data they like, and store it however they like, without legal consequences for their failure of data responsibility. This incident shows how weak the data protections on edtech companies are in the absence of law setting comprehensive standards. NYC officials allege that Illuminate has failed its end of the agreement, and called on the FBI and NY Attorney General to investigate. In the agreement, Illuminate was required to safeguard student data and promptly notify officials in the event of a breach. Illuminate signed a strict data agreement with the New York City school district in 2020. Those affected have met the data breach with outrage, especially in New York. This meant that hackers could easily find Illuminate's online storage systems. Illuminate stored student data in its AWS system, but it named its AWS web buckets with easily guessable names, like company platforms and products-a common cybersecurity mistake. The breach seems to have been a result of insufficient security on Illuminate's Amazon Web Services data storage. The school systems affected by the breach reported that names, birthdates, racial and ethnic profiles, and test scores were leaked a few even reported that even more sensitive information was accessed, like disability status, behavioral incidents, and migrant status. The data breach is estimated to affect the personal information of over 1 million current and former students in dozens of school districts, including the US's two largest school districts, New York City and Los Angeles. On March 25th, 2022, Illuminate disclosed that it had suffered an unauthorized data access somewhere between December 28th and January 8th.
#Illuminate education icon software
School districts use Illuinate's software to keep track of students' class progress, grades, behavior, and important information relevant to their school life. It operates in 5,200 school districts, and its services affect over 17 million students. Illuminate Education is a major edtech company that provides schools with student-tracking software. One recent case, the cyberattack on edtech company Illuminate Education, proves just how vulnerable sensitive student data is and how flawed the systems to protect it are. As educational technology companies ("edtech") become more deeply ingrained in schools, they are granted stewardship over more and more sensitive data without being subject to the same privacy laws that restrict schools. Student data includes sensitive data like physical and mental health records, disciplinary history, and family financial status. Student data is both incredibly personal and woefully underprotected, as we've recently discussed. Blogs Proving the Failures of Student Data Privacy: the Cyberattack on Illuminate Education
0 kommentar(er)
