More than 380,000 additional students from New York City public schools have had their personal information compromised due to a massive cyber attack.
New York Post reported that the latest information increases the total number of affected individuals to over 1 million.
Last week, New York City Public Schools confirmed that it began distributing notification letters to hundreds of thousands of current and former students, alerting them to the breach involving a former software vendor.
Initially, they reported that approximately 800,000 students’ data had been accessed, but recent updates from the involved vendor in October revealed that many more students’ data were impacted.
The data breached includes names, birth dates, ethnicity, academic records, and school enrollment information. However, no social security or financial data were compromised.
To address the aftermath of the breach, which took place between late December 2021 and early January 2022 with the software company Illuminate, NYC Public Schools is offering two years of complimentary credit and identity-monitoring services through IDX.
This initiative aims to safeguard the affected students against potential identity theft.
“Protecting the privacy of our students’ personal information. We have a comprehensive security compliance process in place to help make sure that companies who access student information agree to comply with federal, state, and local laws and help protect your data,” NYC Public Schools officials mentioned in a recent correspondence with the impacted parties.
When asked by LittleAfrica News about steps being taken following the data hacks, Chief of Staff to the mayor Camille Varlack said, “The safety and well-being of our students is always the priority. We have been working closely with Illuminate for a while now on this particular breach. Our information is that no financial or social security numbers were impacted and we have, New York City Public Schools is offering two years of free credit and identity monitoring services to any individual who received a letter. That’s the students or administrators.”
They have also “reinforced cybersecurity measures” and have ceased collaboration with Illuminate following the breach.
NYC Public Schools has also updated its policies to prevent future occurrences, stating, “Following the 2022 Illuminate incident, NYCPS also took steps to further ensure that schools do not use software products that involve vendors receiving or accessing student information unless and until the vendors fully complete our compliance process.”
Students and their families must activate the offered monitoring services by July 30, 2024, to benefit from this protective measure.
Separately, last summer, approximately 45,000 individuals, comprising students, school staff, and service providers, fell victim to an attack. The breach compromised sensitive information, including Social Security numbers, dates of birth, employee IDs, and OSIS numbers—unique nine-digit identifiers assigned to all students attending public schools in the city.
In total, 19,000 documents were breached via the file transfer system MOVEIt, resulting in the theft of 9,000 Social Security numbers, as communicated by the DOE in a letter dispatched to staff during the incident.
