Pearson Data Breach Information
The Central New York Regional Information Center and area school superintendents met Thursday after being alerted of a national data breach compromising student information.
The breach was discovered by the FBI and stems from an attack against education software developer Pearson, which compromised student names, dates of birth, ID numbers and in some cases, email addresses. The attack was focused specifically on Pearson alone; no component school districts suffered any cyber security breach of information internally.
Immediately upon learning of the situation, the CNYRIC contacted Pearson and began gathering data on the affected school districts in the region to determine the extent of the breach. As of August 28, CNYRIC had the most detailed information available of the extent of the breach and communicated this specific information to impacted districts.
“We have been in constant contact with Pearson to obtain district-specific information and will update the affected parties as Pearson provides more information,” said Pamela Mazzaferro, Central New York Regional Information Center Director.
Districts are contacting students, staff and parents to alert them of the situation and, through Education Law 2-D, are developing additional privacy protection measures. Education Law 2-D works to safeguard personally identifiable information by analyzing and protecting the integrity of cybersecurity related to third-party contractors, such as Pearson.
“CNYRIC is constantly striving to ensure that district data and personally identifiable information are protected; aligning ourselves with Education Law 2-D requirements will help ensure privacy protection with third-party vendors in the future,” Mazzaferro said.
For more information, please contact Pamela Mazzaferro at (315) 433-8300
Timeline of events
November 2018 - Data breach occurs
March 2019 - Pearson notified by FBI of breach
August 2019 - CNYRIC recieves notification from Pearson about breach. Pearson tells CNYRIC that they have communicated with districts on how to securely access their breached data.
August 2019 - As districts attempt to access their files they are told by Pearson that they need to contact CNYRIC to get their data. Some districts told by Pearson they were not part of the breach but in fact they were.
Last week of August 2019 - CNYRIC receives data from Pearson and creates a secure means for each district to access their data.