California Attorney General Rob Bonta, along with Connecticut Attorney General William Tong and New York Attorney General Letitia James, announced Thursday that they secured a $5.1 million settlement and injunctive relief from educational technology company Illuminate Education, Inc. over a massive 2021 data breach that compromised sensitive student information across the country.
More than three million students were affected nationwide, including over 434,000 in California across 49 school districts. The exposed data included students’ names, race, medical information, and details about special education services. California will receive $3.25 million of the settlement, and Illuminate has agreed to adopt stricter data security practices under court supervision.
“Illuminate failed to appropriately safeguard the data of school children,” Bonta said in a statement. “Our investigation revealed a troubling pattern of security deficiencies that should have never happened for a company charged with protecting data about kids.” He added that the case should serve as a warning to other tech companies handling children’s data.
The joint investigation found that Illuminate failed to terminate access for former employees, neglected to monitor suspicious activity, and stored backup databases on the same network as active ones—making both vulnerable when a hacker used old employee credentials to steal and delete data. The company also misled users by falsely claiming compliance with federal and state privacy laws and by advertising itself as a signatory of the “Student Privacy Pledge.”
Under the settlement, Illuminate must implement stronger access controls, real-time monitoring, and secure database storage, and notify the California Department of Justice of future breaches. The agreement marks the state’s first enforcement under California’s K-12 Pupil Online Personal Information Protection Act (KOPIPA), which mandates heightened security for student data.
Need Help?
If you have questions or concerns about any global guidelines, regulations and laws, don’t hesitate to reach out to BABL AI. Their Audit Experts can offer valuable insight, and ensure you’re informed and compliant.
