Hackers gain access to D-428 students' names, birthdates through third-party platform breach

Pearson Clinical Assessment announces November 2018 data breach

DeKALB – The first and last names and birthdates of DeKalb School District 428 students were accessed by a hacker after a data breach on a web platform operated by Pearson Clinical Assessment, a performance assessment tool used by educators around the globe, district Superintendent Jaime Craven said Friday.

On July 19, the district was notified by Pearson that there was a data breach of the web platform AIMSweb 1.0 that occurred sometime around November, and personally identifying information of all the platform's users was accessed by the hacker, which includes district students. No grade or assessment information was affected by the incident, and the platform does not contain Social Security numbers, credit card data or other financial information, according to a July 19 letter from Pearson.

Craven said the district had used the web platform from 2006 to 2018 to assess kindergarten through fifth grade performance levels in math and English language arts. Craven sent an email about the breach to district parents about noon Friday.

“Any time there’s a data breach from a third-party provider, that’s a concern,” Craven said Friday. “In this [case] fortunately it was only first name, last name and date of birth, and no other information. It’s our understanding that anybody who was enrolled in their platform [since the 1990s] had their info breached. We have to assume it goes back that far.”

The district stopped using the platform for the 2018-19 school year. No data breached has any relation to the Chromebooks that district students use, Craven said.

Pearson is a widely used platform and services about 300,000 customers, according to its website.

In the July 19 letter by Arthur Valentine, managing director of the Pearson Clinical Assessment, Valentine wrote that the company became aware of the breach in mid-March.

“We immediately launched a review, which included outside cybersecurity experts, to determine the nature and extent of any data potentially affected,” Valentine wrote. “Pearson is also working with law enforcement.”

“Pearson is a worldwide company,” Craven said. “They handle state testing in multiple states; they’re involved in Common Core and the Illinois Assessment and Readiness. But in this case, it was restricted to AIMSweb 1.0 users, so at this time we’re still following up with Pearson to make sure they have all their checks and balances in place to ensure there won’t be other data breaches.”

Craven said the district uses the external academic screener for grades K-5 to assess performance levels at the beginning of each school year, and the data collected through the screening is used to inform teachers on how to best tailor their lessons to the needs of the students.

Pearson is offering free credit monitoring to students affected by the breach through the following number: 1-866-883-3309.

Parents or students with more questions are encouraged to contact Pearson at pearson@d428.org.