DeKALB – The first and last names, and birthdays of DeKalb School District 428 students were accessed by a third party due to a data breach on a web platform used by Pearson Clinical Assessment, a performance assessment tool used by educators around the globe, says District 428 Superintendent Jaime Craven.
On July 19, the district was notified by Pearson that there was a third-party breach in or around November 2018, on the web platform AIMSweb 1.0, and identifying information of all the platform’s users was accessed by an unknown third party, which includes D428 students. No grade or assessment information was affected by the incident, and the platform does not contain Social Security numbers, credit card data or other financial information, according to a July 19 letter from Pearson.
Craven said the district has used the web platform from 2006 to 2018 to assess kindergarten through fifth grade performance levels in math and English language arts. Craven sent an email to all D428 parents Friday shortly after noon.
“Anytime there’s a data breach from a third-party provider, that’s a concern,” Craven said Friday. “In this [case] fortunately it was only first name, last name, and date of birth, and no other information. It’s our understanding that anybody who was enrolled in their platform [since the 1990s] had their info breached. We have to assume it goes back that far.”
The district stopped using the platform in the 2018-19 school year. No data breached has any relation to the Chromebook 1:1 devices that D428 students use, Craven said.
Pearson is a widely used platform and services around 300,000 customers, according to its website.
In the letter written by Arthur Valentine, managing director of the Pearson Clinical Assessment, he says the company became aware of the breach in mid-March of 2019.
“We immediately launched a review, which included outside cybersecurity experts, to determine the nature and extent of any data potentially affected,” Valentine said in his letter. “Person is also working with law enforcement.”
“Pearson is a worldwide company,” Craven said. “They handle state testing in multiple states, they’re involved in Common Core, and the Illinois Assessment and Readiness. But in this case, it was restricted to AIMSweb 1.0 users, so at this time we’re still following up with Pearson to make sure they have all their checks and balances in place to ensure there won’t be other data breaches.”
Craven said the district uses the external academic screener for K-5 to assess performance level at the beginning of each school year, and the data collected through the screening is used to inform teachers on how to best tailor their lessons to the needs of the students.
Pearson is offering free credit monitoring to students impacted by the breach through the following number: 1-866-883-3309. Parents or students are encouraged to contact Pearson with more questions at firstname.lastname@example.org.
This is a developing story. Stay tuned for updates.