October 18, 2021

Data breach reported at 6 school districts

Personal data may have been stolen from up to 7,000 students in six greater Cortland area school districts in a breach of software on an educational platform the schools had been using, officials said Thursday.

Nearly 5,500 students may be affected: 3,000 in Cortland, 1,700 in Homer, about 795 in Groton, 677 in Marathon, 534 in McGraw and 343 in DeRuyter.

“Homer is committed to protecting and securing education data,” Homer Superintendent Thomas Turck said in a
news release. “Our team has extensive training in data security and privacy, and our systems have many controls in place to protect your child’s educational records.”

Michael Hoose, the superintendent of the Cortland City Enlarged School District, agreed with Turck’s statement to protecting data.

Turck said both current and former students were affected. Hoose said he didn’t have those breakdown details.

Students’ first and last names, their dates of birth and student information system identification numbers were stolen during a data breach on or around November, according to a news release from the districts.

The districts received the list of affected people Wednesday from the Central New York Regional Information Center. People whose information was taken will be notified via first-class mail.

The information was accessed through the AIMSWeb 1.0 system, an assessment platform through Pearson Clinical Assessment, which “monitored student progress in English language arts and mathematics,” the release said.

The district said it stopped using the platform in 2017.

The center told school districts that Pearson has taken steps to mitigate the incident and is working on increasing its protections against possible future attacks.

The two districts were among 13,000 across the nation affected.

Similar hacks were reported in Las Vegas and Reno, Nevada, and Bismarck, North Dakota, affecting almost 700,000 students and a smaller number of educators.

“Protecting our customers’ information is of critical importance to us,” said a statement from Pearson. “We have strict data protections in place and have reviewed this incident, found and fixed the vulnerability.
While we have no evidence that this information has been misused, we have notified the affected customers as a precaution. We apologize to those affected and are offering complimentary credit monitoring services as a precautionary measure.”

Pearson is offering complimentary credit monitoring from Experian, a credit monitoring company, to anyone affected for one year. To learn more people can call 866-883-3309.