Attendance tracking software used at The New York City Department of Education, exposed student information

Attendance tracking software used at The New York City Department of Education, exposed student information

https://www.k12dive.com/news/data-breach-exposes-820k-new-york-city-students-information/621352/

Exploit: Supply Chain Risk
The New York City Department of Education: Government Agency

Chowbus-img1

Risk to Business: 2.829 = Moderate

The New York City Department of Education has discovered that the personal information of an estimated 850,000 students was exposed in a supply chain service provider data breach in January. That incident occurred at Illuminate Education, a California-based company that provides software to track grades and attendance.  An agreement that the vendor had with NYC Schools called for the data to be encrypted, but it was discovered to not have occurred at the time of the breach. The incident is under investigation by New York state officials. 

eResearch-Technology-img2

Individual Impact:

No information about consumer/employee PII, PHI or financial data exposure was available at press time.

How It Could Affect Your Customers’ Business: A security failure at a supplier can lead to a headache like a data breach for any organization.

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk

*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.