Additionally, more than 380,000 city public school students had their personal data hacked in a large-scale cyberattack, bringing the total number of children affected to well over 1 million, the paper reported.
Last week, the New York City Department of Education announced that hundreds of thousands more current and former students were victims of a cyberattack involving one of the DOE’s former software vendors, according to a letter sent to and confirmed by an alumnus. We have begun sending letters to inform you of this. By Post.
The DOE initially reported that about 800,000 current and former students were affected, but the agency said it was notified by vendors in October that more children were also affected.
According to the DOE letter, the hacked personal information includes students’ names, dates of birth, ethnicity, academic background, and enrollment status.
Education officials said no social security or financial information was compromised.
The DOE is offering affected students, some of whom graduated from the system years before the breach, a two-year free trial through vendor IDX to protect them from identity theft. announced that it will provide credit and ID monitoring services.
The security breach occurred from late December 2021 to early January 2022 at Illuminate, then a DOE software company that provided a grading, attendance, and messaging platform.
The city’s public school system subsequently severed ties with Illuminate.
A recent letter to affected former and current students reads: Updated security notice The DOE website states that “approximately 387,000 current and former NYCPS students have been newly identified as being affected by the Illuminate data security incident in 2022.” A DOE official said the number is closer to 381,000.
An additional 94,000 current and former public school students have also received a second notification after Illuminate identified “additional information affected by the 2022 data security incident,” the DOE said.
“New York State Public Schools is providing an update on the data security incident that occurred two years ago involving Illuminate Education, Inc.,” said DOE Chief Information Officer Intekab Shakil and Chief Privacy Officer Dennis Doy’s final letter to affected students reads: week. “NYCPS is treating this situation with the utmost seriousness.”
In May 2022, city education officials notified 800,000 students affected by a previously identified data breach.
DOE cybersecurity officials said in a recent letter that Illuminate made the city school system aware last October that “additional individuals were affected by the 2022 data security incident.” He said he had been notified.
“You are one of the individuals recently identified by Illuminate as being affected by the 2022 data security incident,” Shakil and Doyle wrote in a letter to one of the affected students. Ta.
DOE officials insisted they are strengthening cybersecurity protocols and holding contractors accountable to protect student privacy.
“NYCPS is committed to protecting the privacy of student personal information. We ensure that companies with access to student information comply with federal, state, and local laws and protect your data. We have a comprehensive security compliance process in place to ensure compliance,” officials said in the letter.
“Following the 2022 Illuminate incident, NYCPS is further ensuring that schools do not use software products that allow vendors to receive or access student information unless the vendor has fully completed our compliance processes.” We have taken steps to do so.”
Regarding the two years of free credit and identity monitoring services provided to affected people, the DOE said, “There is no cost, but you must register and activate the service yourself.”
Registration deadline is July 30, 2024.
It wasn’t just the cybersecurity breach that affected students and staff at the city’s public schools.
Last summer, 45,000 students, school staff, and service providers were affected by another hacking attack. These included Social Security numbers, dates of birth, employee IDs, and OSIS numbers (a nine-digit number issued to all students attending the city’s public schools).
In all, 19,000 documents were accessed through the MOVEIt file transfer system and 9,000 Social Security numbers were stolen, the DOE said in a letter to staff at the time.
Anurag Sharma, the Energy Department’s former chief technology officer, resigned last summer after the security breach came to light.
Schools aren’t the only attractive targets for hackers.
One Brooklyn Health Network, which oversees medical facilities that store sensitive patient records, particularly Brookdale, Interfaith and Kingsbrook Jewish Hospitals, has come under cyberattack.
DOE spokeswoman Jenna Lyle told the Post in an emailed statement Sunday:
“This recent information, more than two years after the fact, is alarming and further supports the spring 2022 decision to prohibit Illuminate from working with NYCPS and our schools. Our students and schools The community deserves better.”
