Pearson, a UK education software company, has warned more than 13,000 school district and university AimsWeb accounts across the United States were affected by a data breach. This breach to the company’s AimsWeb accounts based in the U.S. has exposed some low risk data pertaining to hundreds of thousands of students.
The names and dates of birth for 24,282 current and former Greenville County Schools students are impacted by this breach. These students attended kindergarten in the district from 2012-13 through 2016-17 and were born between 2004 and 2011. Neither school grades nor assessment information was affected, and the breached system did not contain personal addresses, social security numbers, credit-card data, or other financial information that is often the objective of hackers.
The district is working to locate contact information on individual students whose data was breached. In addition to blanket notification through the media, the district will notify affected families by letter via U.S. mail when possible. Those letters will be mailed early next week. Pearson is providing complimentary credit monitoring via Experian (1-866-883-3309). Additionally, the Federal Trade Commission has a website with suggested actions following a loss of data at https://www.identitytheft.gov/Info-Lost-or-Stolen).
“Greenville County Schools has both employees and systems whose sole purpose is to protect our student data,” said Superintendent W. Burke Royster. “Doing so includes carefully screening and vetting the vendors with whom we enter into data sharing agreements. Unfortunately, in the modern world large data systems are constantly under attack from cyberthieves and sometimes those thieves find a way to break in. This is one reason we no longer collect student social security numbers for school registration.”
State law requires South Carolina districts to have a formal assessment and data monitoring system. AimsWeb was used for this purpose for a number of years, but was discontinued after the 2016-17 school year.
Again, the data breach was experienced by AimsWeb, a subsidiary of Pearson. Student names are not considered protected information, but in South Carolina dates of birth are protected when those dates are matched with a name.