News

More than 380,000 additional NYC students had personal info hacked, bringing total to over 1M

More than 380,000 additional metropolis public-school students had their personal information hacked in a large cyber assault — bringing the total variety of youngsters affected to effectively over 1 million, The Post has realized.

The New York City Department of Education final week started sending letters notifying the a whole lot of hundreds of additional present and former students that they had been victims of the cyber assault involving one of many DOE’s former software program distributors, in accordance to a letter despatched to one graduate and reviewed by The Post.

The DOE initially reported that about 800,000 present and former students had been affected however was notified by the seller in October that scores of additional youngsters additionally had been victims, the division mentioned.

New York City Department of Education Chancellor David Banks is pictured at Department of Education headquarters in Manhattan. TNS

The hacked personal data features a pupil’s identify, date of delivery, ethnicity, educational data and college enrollment, the DOE letter mentioned.

No social safety or monetary data was breached, schooling officers mentioned.

The DOE mentioned it’s providing the impacted students — a few of whom even graduated from the system a number of years earlier than the safety breach occurred — two years of free credit score and identity-monitoring providers by vendor IDX to assist defend in opposition to identification theft.

The safety breach occurred in late December 2021 to early January 2022 with the DOE’s-then software program firm Illuminate, which gives grading, attending and messaging platforms.

The metropolis public-school system has since severed ties with Illuminate.

The latest letter to affected former and present students supplies a hyperlink to an updated security notice on the DOE web site that claims, “Approximately 387,000 current and former NYCPS students were newly identified as being affected by Illuminate’s data security incident in 2022.” A DOE rep mentioned that determine is extra like 381,000.

Another 94,000 present and former public-school students are also receiving a second discover as a result of Illuminate recognized “additional information of theirs that was affected by the 2022 data security incident,” the DOE mentioned.

Yellow school bus driving in Brooklyn with the Manhattan bridge in the background.
The hacked personal data features a pupil’s identify, date of delivery, ethnicity, educational data and college enrollment, the DOE letter mentioned. Aerial Film Studio – inventory.adobe.com

“New York Public Schools is writing you with an update on a data security incident that occurred two years ago involving the company Illuminate Education,” mentioned the letter despatched from DOE Chief Information Officer Intekhab Shakil and Chief Privacy Officer Dennis Doye to the affected students final week. “NYCPS is handling this situation with the utmost seriousness.”

In May 2022, metropolis schooling officers notified the beforehand recognized 800,000 students impacted by the breach.

In the latest letter, the DOE cybersecurity officers mentioned Illuminate notified the metropolis faculty system in October of final yr that it turned conscious that “additional individuals were affected by the 2022 data security incident.

“You are one of the individuals who Illuminate recently identified as being affected by the 2022 data security incident,” Shakil and Doyle mentioned within the letter to one of many affected students.

The DOE officers insisted they’ve beefed up cybersecurity protocols and emphasised that they’re holding contractors accountable to defend students’ privateness.

“NYCPS is committed to protecting the privacy of our students’ personal information. We have a comprehensive security compliance process in place to help make sure that companies who access student information agree to comply with federal, state, and local laws and help protect your data,” the officers mentioned within the letter.

“Following the 2022 Illuminate incident, NYCPS also took steps to further ensure that schools do not use software products that involve vendors receiving or accessing student information unless and until the vendors fully complete our compliance process.”

As for the 2 years of free credit score and identity-monitoring providers being supplied to these affected, “There is no cost to you, but you must enroll and activate the services yoursel,” the DOE mentioned.

The deadline to enroll is July 30, 2024. 

The cybersecurity breach was not the one one which has impacted metropolis public-school students and staff.

Last summer season, 45,000 students, faculty employees and repair suppliers had been affected by a separate hack assault that included Social Security numbers, dates of delivery, worker IDs and OSIS numbers – the nine-digit numbers issued to all students who attend a metropolis public faculty.

Overall, 19,000 paperwork had been accessed from the file switch system MOVEIt, and 9,000 Social Security numbers had been stolen, the DOE mentioned in a letter despatched to employees on the time.

Generating...
The safety breach occurred in late December 2021 to early January 2022 with the DOE’s-then software program firm Illuminate, which gives grading, attending and messaging platforms. Pacific Press/LightRocket by way of Getty Images

As the safety breaches got here to gentle, the DOE’s former chief expertise officer, Anuraag Sharma, resigned final summer season.

Schools will not be the one juicy targets of hackers.

Medical services that preserve delicate data of sufferers have been subjected to cyber assaults, notably the One Brooklyn Health community that oversees Brookdale, Interfaith and Kingsbrook Jewish hospitals.

DOE spokeswoman Jenna Lyle advised The Post in an emailed assertion Sunday, “As we have said from the start, the safety and wellbeing of all our students and staff, including the safety of their data, is our absolute top priority. 

“This recent information, more than two years after the fact, is concerning and further validates our decision in Spring of 2022 to bar Illuminate from working with NYCPS or any of our schools. Our students and school communities deserve better.”  

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button