National Data Breach Notification and Letter
The Central New York Regional Information Center and area school superintendents met Thursday after being alerted of a national data breach compromising student information.
The breach was discovered by the FBI and stems from an attack against education software developer Pearson, which compromised student names, dates of birth, ID numbers and in some cases, email addresses. The attack was focused specifically on Pearson alone; no component school districts suffered any cyber security breach of information internally.
Immediately upon learning of the situation, the CNYRIC contacted Pearson and began gathering data on the affected school districts in the region to determine the extent of the breach. As of August 28, CNYRIC had the most detailed information available of the extent of the breach and communicated this specific information to impacted districts.
“We have been in constant contact with Pearson to obtain district-specific information and will update the affected parties as Pearson provides more information,” said Pamela Mazzaferro, Central New York Regional Information Center Director.
Districts are contacting students, staff and parents to alert them of the situation and, through Education Law 2-D, are developing additional privacy protection measures. Education Law 2-D works to safeguard personally identifiable information by analyzing and protecting the integrity of cybersecurity related to third-party contractors, such as Pearson.
“CNYRIC is constantly striving to ensure that district data and personally identifiable information are protected; aligning ourselves with Education Law 2-D requirements will help ensure privacy protection with third-party vendors in the future,” Mazzaferro said.
For more information, please contact Pamela Mazzaferro at (315) 433-8300 or visit www.cnyric.org/pearsonInfo. CNYRIC will continue to update this webpage with additional details shared by Pearson and/or the FBI.