The FTC has proposed requiring Illuminate Education to delete unnecessary student data and enhance security after a 2021 breach exposed information for over 10 million students. The incident revealed significant security failures, including poor access controls and delayed breach notification, leading to financial settlements with multiple states. #IlluminateEducation #StudentDataBreach
Keypoints
- Illuminate Education experienced a data breach in December 2021 that exposed personal information of 10.1 million students.
- The company had security vulnerabilities such as weak access controls, poor monitoring, and storing data in plain text.
- A hacker used credentials from a former employee to access Illuminateβs databases hosted on a third-party cloud provider.
- Despite warnings from a vendor, Illuminate did not address its security flaws and delayed notifying affected users.
- The FTC requires Illuminate to improve security measures, delete unnecessary data, and notify authorities promptly of breaches.