FTC, State AGs Crack Down On Ed Tech Company After Massive Student Data Breach
FTC, State AGs Crack Down On Ed Tech Company After Massive Student Data Breach
Get stories like this delivered straight to your inbox.Sign up for The 74 Newsletter
Get و stories و like - تفاصيل مهمة
When the Federal Trade Commission announced this month it was taking action against technology company Illuminate Education over a massive 2021 data breach, it added to the list of government measures against the firm since hackers broke into its systems and made off with the sensitive information of than 10 million students.
Three state attorneys general have also now imposed penalties and security mandates on the company following allegations it misled customers about its cybersecurity safeguards and waited nearly two years to notify some school districts of the widespread data breach.
The ones that haven’t made progress in their efforts to hold Illuminate accountable are parents and students. Their pursuit hit a wall in September when the Ninth Circuit Court of Appeals dismissed a federal lawsuit filed by the breach victims. The court, ruling on a case filed in California, found that the theft of their personal data — including grades, special education information and medical records — didn’t constitute a concrete harm.
The federal appeals court affirmed a lower-court dismissal of a proposed class-action lawsuit filed by families whose children’s information was compromised. The court concluded the plaintiffs lacked standing because they did not demonstrate actual damage from the breach or an “imminent and substantial” risk of future identity theft. In the years since the cyberattack was carried out, the court concluded, there was no evidence that the records, which did not include Social Security numbers, had been misused to commit identity theft.
the و a و and - تفاصيل مهمة
“It has been than three years since the breach,” the court wrote, “and no fraud has occurred, nor is the kind of information at issue the kind that this court normally considers sufficient to find a credible threat of identity theft.”
Under a proposed settlement announced by the FTC this month, Illuminate will be required to create a “comprehensive information security program,” delete any student data it is no longer using and notify the commission of any future data breaches. Regulators allege a third-party company hired by Illuminate to assess its cybersecurity safeguards raised red flags but Illuminate failed to heed those warnings a year before it was hacked using the compromised credentials of a former employee.
a و Illuminate و the - تفاصيل مهمة
“Illuminate pledged to secure and protect personal information about children and failed to do so,” Christopher Mufarrige, director of the FTC’s Bureau of Consumer Protection, said in a media release this month. The FTC action, Mufarrige continued, should serve as a warning to other companies that the commission “will hold them accountable if they fail to keep their privacy promises to consumers, particularly when it involves children’s medical diagnoses and other personal data.”
After the data breach, which affected the country’s two largest school districts in New York City and Los Angeles among others, Illuminate was quietly acquired for an undisclosed amount by another education technology company, Renaissance Learning, in 2022. Since then, a Renaissance spokesperson said in a statement to The 74 this week, Illuminate products have been incorporated into its “cybersecurity and data protection program.”
Renaissance safeguards include “robust security protocols and controls used to safeguard the integrity and confidentiality of the data entrusted to us by schools, educators and families,” the spokesperson said.
The FTC action comes on the heels of an unprecedented multistate settlement last month, when state attorneys general in California, Connecticut and New York secured a combined $5.1 million in penalties from Illuminate, along with cybersecurity requirements that resemble the FTC’s demands. State investigators similarly alleged sweeping security flaws at the company, including the failure to monitor suspicious activity and deactivate the inactive user accounts of former employees.
the و and و in - تفاصيل مهمة
A California Department of Justice inquiry concluded that Illuminate made “false and misleading statements” about its cybersecurity safeguards in its privacy policy and “deceptively advertised” to school districts that it was a signatory of the nonprofit Future of Privacy Forum’s now-defunct “Student Privacy Pledge.”
The voluntary pledge, which was “retired” in Aprilsought to hold education technology companies accountable for maintaining “a comprehensive security program” to protect students’ personal information and to prevent the sale of student records for targeted advertising.
the و of و to - تفاصيل مهمة
Illuminate became the first ed tech company to get booted from the pledge after reporting by The 74 called into question its utility in holding tech firms accountable for failing to meet its provisions.
The multistate enforcement action was the first time Connecticut regulators reached a settlement under its state student data privacy law — which was enacted nearly a decade ago.
was و a و Related - تفاصيل مهمة
“Technology is everywhere in schools today, and Connecticut’s Student Data Privacy Law requires strict security to protect children’s information,” Connecticut Attorney General William Tong said in a statement. The settlement “holds Illuminate accountable and sends a strong message to education technology companies that they must take privacy obligations seriously.”
Sign-up for the School (in)Security newsletter.
Get the most critical news and information about students’ rights, safety and well-being delivered straight to your inbox.
the و and و Sign-up - تفاصيل مهمة
Did you use this article in your work?
We’d love to hear how The 74’s reporting is helping educators, researchers, and policymakers.Tell us how
how و و We’d - تفاصيل مهمة
Disclaimer: This news article has been republished exactly as it appeared on its original source, without any modification. We do not take any responsibility for its content, which remains solely the responsibility of the original publisher.
Author:Mark Keierleber Published on:2025-12-12 15:30:00 Source: www.the74million.org
!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod? n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n; n.push=n;n.loaded=!0;n.version='2.0';n.queue=();t=b.createElement(e);t.async=!0; t.src=v;s=b.getElementsByTagName(e)(0);s.parentNode.insertBefore(t,s)}(window, document,'script','https://connect.facebook.net/en_US/fbevents.js'); fbq('init', '626037510879173'); // 626037510879173 fbq('track', 'PageView');{"@context":"http://schema.org","@type":"NewsArticle","dateCreated":"2025-12-15T09:31:51+04:00","datePublished":"2025-12-15T09:31:51+04:00","dateModified":"2025-12-15T09:31:51+04:00","headline":"FTC, State AGs Crack Down on Ed Tech Company After Massive Student Data Breach","name":"FTC, State AGs Crack Down on Ed Tech Company After Massive Student Data Breach","keywords":[],"url":"https://uaetodaynews.com/ftc-state-ags-crack-down-on-ed-tech-company-after-massive-student-data-breach-the-74/","description":"Get stories like this delivered straight to your inbox. Sign up for The 74 Newsletter When the Federal Trade Commission announced this month it was taking action against technology company Illuminate","copyrightYear":"2025","articleSection":"Education","articleBody":"nnn n Get stories like this delivered straight to your inbox. Sign up for The 74 Newslettern n n n nWhen the Federal Trade Commission announced this month it was taking action against technology company Illuminate Education over a massive 2021 data breach, it added to the list of government measures against the firm since hackers broke into its systems and made off with the sensitive information of more than 10 million students. nnnnThree state attorneys general have also now imposed penalties and security mandates on the company following allegations it misled customers about its cybersecurity safeguards and waited nearly two years to notify some school districts of the widespread data breach. nnnnThe ones that havenu2019t made progress in their efforts to hold Illuminate accountable are parents and students. Their pursuit hit a wall in September when the Ninth Circuit Court of Appeals dismissed a federal lawsuit filed by the breach victims. The court, ruling on a case filed in California, found that the theft of their personal data u2014 including grades, special education information and medical records u2014 didnu2019t constitute a concrete harm.nnnnThe federal appeals court affirmed a lower-court dismissal of a proposed class-action lawsuit filed by families whose childrenu2019s information was compromised. The court concluded the plaintiffs lacked standing because they did not demonstrate actual damage from the breach or an u201cimminent and substantialu201d risk of future identity theft. In the years since the cyberattack was carried out, the court concluded, there was no evidence that the records, which did not include Social Security numbers, had been misused to commit identity theft. nnnnu201cIt has been more than three years since the breach,u201d the court wrote, u201cand no fraud has occurred, nor is the kind of information at issue the kind that this court normally considers sufficient to find a credible threat of identity theft.u201d nnnnRelatedAfter Huge Illuminate Data Breach, Ed Techu2019s u2018Student Privacy Pledgeu2019 Under FirennnnUnder a proposed settlement announced by the FTC this month, Illuminate will be required to create a u201ccomprehensive information security program,u201d delete any student data it is no longer using and notify the commission of any future data breaches. Regulators allege a third-party company hired by Illuminate to assess its cybersecurity safeguards raised red flags but Illuminate failed to heed those warnings a year before it was hacked using the compromised credentials of a former employee.nnnnu201cIlluminate pledged to secure and protect personal information about children and failed to do so,u201d Christopher Mufarrige, director of the FTCu2019s Bureau of Consumer Protection, said in a media release this month. The FTC action, Mufarrige continued, should serve as a warning to other companies that the commission u201cwill hold them accountable if they fail to keep their privacy promises to consumers, particularly when it involves childrenu2019s medical diagnoses and other personal data.u201dnnnnAfter the data breach, which affected the countryu2019s two largest school districts in New York City and Los Angeles among others, Illuminate was quietly acquired for an undisclosed amount by another education technology company, Renaissance Learning, in 2022. Since then, a Renaissance spokesperson said in a statement to The 74 this week, Illuminate products have been incorporated into its u201ccybersecurity and data protection program.u201d nnnnRenaissance safeguards include u201crobust security protocols and controls used to safeguard the integrity and confidentiality of the data entrusted to us by schools, educators and families,u201d the spokesperson said.nnnnThe FTC action comes on the heels of an unprecedented multistate settlement last month, when state attorneys general in California, Connecticut and New York secured a combined $5.1 million in penalties from Illuminate, along with cybersecurity requirements that resemble the FTCu2019s demands. State investigators similarly alleged sweeping security flaws at the company, including the failure to monitor suspicious activity and deactivate the inactive user accounts of former employees. nnnnRelatedKept in the Dark: Meet the Hired Guns Who Ensure School Cyberattacks Stay HiddennnnnA California Department of Justice inquiry concluded that Illuminate made u201cfalse and misleading statementsu201d about its cybersecurity safeguards in its privacy policy and u201cdeceptively advertisedu201d to school districts that it was a signatory of the nonprofit Future of Privacy Forumu2019s now-defunct u201cStudent Privacy Pledge.u201d nnnnThe voluntary pledge, which was u201cretiredu201d in Aprilsought to hold education technology companies accountable for maintaining u201ca comprehensive security programu201d to protect studentsu2019 personal information and to prevent the sale of student records for targeted advertising. nnnnIlluminate became the first ed tech company to get booted from the pledge after reporting by The 74 called into question its utility in holding tech firms accountable for failing to meet its provisions. nnnnRelatedIlluminate Ed Pulled from u2018Student Privacy Pledgeu2019 After Massive Data BreachnnnnThe multistate enforcement action was the first time Connecticut regulators reached a settlement under its state student data privacy law u2014u00a0which was enacted nearly a decade ago. nnnnu201cTechnology is everywhere in schools today, and Connecticutu2019s Student Data Privacy Law requires strict security to protect childrenu2019s information,u201d Connecticut Attorney General William Tong said in a statement. The settlement u201cholds Illuminate accountable and sends a strong message to education technology companies that they must take privacy obligations seriously.u201dnnnnnn Sign-up for the School (in)Security newsletter.n Get the most critical news and information about students' rights, safety and well-being delivered straight to your inbox.n nnnnnn n n n Did you use this article in your work?
nWeu2019d love to hear how The 74u2019s reporting is helping educators, researchers, and policymakers. Tell us hown n nnn !function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?n n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;n n.push=n;n.loaded=!0;n.version='2.0';n.queue=();t=b.createElement(e);t.async=!0;n t.src=v;s=b.getElementsByTagName(e)(0);s.parentNode.insertBefore(t,s)}(window,n document,'script','https://connect.facebook.net/en_US/fbevents.js');n fbq('init', '626037510879173'); // 626037510879173n fbq('track', 'PageView');n nnnnnDisclaimer: This news article has been republished exactly as it appeared on its original source, without any modification. nWe do not take any responsibility for its content, which remains solely the responsibility of the original publisher.nnnnnnAuthor: Mark KeierlebernPublished on: 2025-12-12 15:30:00nSource: www.the74million.orgn","publisher":{"@id":"#Publisher","@type":"Organization","name":"uaetodaynews","logo":{"@type":"ImageObject","url":"https://uaetodaynews.com/wp-content/uploads/2025/09/images-e1759081190269.png"},"sameAs":["https://www.facebook.com/uaetodaynewscom","https://www.pinterest.com/uaetodaynews/","https://www.instagram.com/uaetoday_news_com/"]},"sourceOrganization":{"@id":"#Publisher"},"copyrightHolder":{"@id":"#Publisher"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://uaetodaynews.com/ftc-state-ags-crack-down-on-ed-tech-company-after-massive-student-data-breach-the-74/","breadcrumb":{"@id":"#Breadcrumb"}},"author":{"@type":"Person","name":"uaetodaynews","url":"https://uaetodaynews.com/author/arabsongmedia-net/"},"image":{"@type":"ImageObject","url":"https://i0.wp.com/uaetodaynews.com/wp-content/uploads/2025/12/school-insecurity-illuminate-ed-data-breach-825x495.jpg?fit=825%2C495&ssl=1","width":1200,"height":495}}
Disclaimer: This news article has been republished exactly as it appeared on its original source, without any modification. We do not take any responsibility for its content, which remains solely the responsibility of the original publisher.
Author: uaetodaynews Published on: 2025-12-15 07:31:00 Source: uaetodaynews.com
