Data Breach Hits Central NY Schools

The Central New York Regional Information Center and area school superintendents met Thursday after being alerted of a national data breach compromising student information.

The breach was discovered by the FBI and stems from an attack against education software developer Pearson, which compromised student names, dates of birth, ID numbers and in some cases, email addresses. The attack was focused specifically on Pearson alone; no component school districts suffered any cyber security breach of information internally.

Immediately upon learning of the situation, the CNYRIC contacted Pearson and began gathering data on the affected school districts in the region to determine the extent of the breach. As of August 28, CNYRIC had the most detailed information available of the extent of the breach and communicated this specific information to impacted districts.

“We have been in constant contact with Pearson to obtain district-specific information and will update the affected parties as Pearson provides more information,” said Pamela Mazzaferro, Central New York Regional Information Center Director.

Districts are contacting students, staff and parents to alert them of the situation and, through Education Law 2-D, are developing additional privacy protection measures. Education Law 2-D works to safeguard personally identifiable information by analyzing and protecting the integrity of cybersecurity related to third-party contractors, such as Pearson.

“CNYRIC is constantly striving to ensure that district data and personally identifiable information are protected; aligning ourselves with Education Law 2-D requirements will help ensure privacy protection with third-party vendors in the future,” Mazzaferro said.

For more information, please contact Pamela Mazzaferro at (315) 433-8300 or visitwww.cnyric.org/pearsonInfo. CNYRIC will continue to update this webpage with additional details shared by Pearson and/or the FBI.  

McGraw School was one school that was targeted in the unauthorized access of Personally Identifiable Information from the AIMSweb 1.0 system. AIMSweb is an assessment platform that was last utilized by the McGraw Central School District in 2013 and provided by Pearson Clinical Assessment (Pearson).  There were 378 students and 31 adults listed in the breach which included student names and birthdates, and staff names and school email accounts.  Letters will be going home to all families affected by this along with information from Pearson regarding complimentary credit monitoring from Experian for one year.