District Responds To ‘Unauthorized Access’ To Potentially Protected Student Information
A Newtown Public Schools vendor, Illuminate Education, informed the school district that some of its databases, with potentially protected student information, were subject to “unauthorized access,” as Assistant Superintendent of Schools Anne Uberti informed school parents and guardians through an e-mail in mid-May.
That same communication shared that, “Illuminate Education will be sending a letter to your home that provides more detailed information regarding their response to the incident, tips for protecting a minor’s information as well as an offer of complimentary access to 12 months of identity monitoring service for your child. The letter will also provide you with a dedicated assistance line to answer any additional questions you may have.”
In one of the Illuminate Education letters to a local parent, shared by the parent with The Newtown Bee, it said the company became aware of suspicious activity on January 8. Illuminate Education provides applications and technology support to schools and school districts, according to the letter. After the suspicious activity “in a set of isolated applications within our environment” was discovered “we took steps to secure the affected applications and launched an investigation with external forensic specialists to determine the nature and scope of the activity.”
By March, the letter continued, it was determined that certain databases containing potentially protected student information were subject to unauthorized access between December 28 and January 8. The affected databases contained names, academic and behavior information, student identification numbers, enrollment information, accommodation information, special education information, and student demographic information.
“We want to assure you that Social Security numbers and financial information were not at risk as a result of this event,” the letter reads. “Although we have no evidence that any information was subject to actual or attempted misuse, we are providing you with this notice out of an abundance of caution.”
The letter, which was dated May 27, also said that to Illuminate Education confidentiality, privacy, and security information is “among our highest priorities.” Along with utilizing outside forensic specialists the letter said the company conducted a review of its policies and procedures to implement additional security measures to “protect the security of information in our possession.”
Newtown Public Schools Director of Technology Dennis Colclough said in an e-mail on June 8, “The investigation is ongoing, but as a district we are working closely with our attorneys, as well as providing information to the attorney general, regarding the data breach. As we receive further details from Illuminate [Education], we will be sharing this information with parents — including steps we are taking as a district to ensure the future security of our students’ data.”
At least one resident has spoken at recent Board of Education meetings on the topic. Matthew Brodie spoke at the May 17 meeting as a “concerned parent.” Brodie asked the school district to take a number of actions regarding the incident including preparing a public report on how much the vendor is paid by the district, how the vendor helps support student performance, if the date was necessary, and more.
“My expectation is for the school to protect our children and that includes their identity,” Brodie wrote for prepared comments for the public participation portion of the meeting.
Education Editor Eliza Hallabeck can be reached at firstname.lastname@example.org.