Third-party company with D51 experienced data breach
GRAND JUNCTION, Colo. (KKCO) - UPDATE (April 28 at 4:20 p.m.): Illuminate Education, the parent company of a system Mesa County Valley School District 51 used to hold student data, experienced a data breach between Dec. 28, 2021, and Jan 8, 2022.
D51 states it has learned which student and staff information was accessed.
For students, it includes student birthdate, student and state identification, email address, grades, transcript information, graduation dates, demographic information, behavior incidents, schedules, enrollment history, primary language, disabilities, special education services, if on a 504 plan, individualized education program, gifted program, and enrollment at Dual Immersion Academy.
The staff information that was accessed was names, staff identification numbers, school codes, employee usernames, and their students’ grades.
According to D51, the information does not seem it has been used in any harmful matter.
Illuminate Education will notify those affected and provide 12 months of identity monitoring services.
INITIAL ARTICLE: A third-party company, Illuminate Education, that holds student data for school districts nationwide, including Mesa County Valley School District 51, experienced a data breach.
Illuminate Education confirmed in an investigation specific databases containing student information were breached between Dec. 28, 2021, and Jan. 8, 2022.
The databases impacted may have included student names, academic and behavior information, enrollment information, accommodation information, special education information, and demographic information.
Social security numbers and financial information was not part of the breach.
“We are probably one of very many school districts that were using them that did get breached,” said D51 Executive Director of Technology Dan Burke. “Right now, we are doing an investigation on what fields got breached and what fields were breached. We’ve alerted the attorney general, and we will be reaching out to individuals that did get breached to let them know exactly.”
The data has been secured, and there was no damage or copying of information. It is not believed the breach was conducted with harmful intent.
Copyright 2022 KKCO. All rights reserved.