Public schools in New York City have been prohibited from renewing their contracts with the company behind a widely used online gradebook that suffered a data breach that exposed personal information for more than 800,000 students.
There had already been concerns about Illuminate Education’s cybersecurity measures during the inquiry into the January security breach, but the business hadn’t previously been forbidden from being utilized in New York City’s public school system.
“Based on the review of Illuminate’s security posture and response to the incident,” the DOE’s First Deputy Chancellor Dan Weisberg said in an email Tuesday, we are directing all schools to cease using all Illuminate products and services on June 30, 2022.” Numerous public schools in the city rely on Skedula and PupilPath to keep tabs on students’ grades and attendance and to connect with parents. In January, the platforms mysteriously went down, raising suspicions of a cyberattack on them.
Education authorities just reported the vast scope of the incident in March, which compromised personal information of around 820,000 present and past students and may be the greatest student data breach in US history.
Concerns regarding Illuminate’s cybersecurity practices were also raised by DOE officials in March, stating that the firm had fraudulently claimed that all of its student data had been encrypted when in reality part of it had not been. A request for comment on Tuesday’s prohibition of Illuminate goods was not returned by the firm, which did not reply to the claim at the time of its original publication.
It implies that hundreds of local schools who have depended on the platform for everyday functioning will have to find an alternative before the start of the next school year. According to Weisberg, the Department of Education recently revealed intentions to put out its own in-house grading and attendance platform. Additionally, according to Weisberg, the government is compiling a list of additional permitted third-party vendors.