nocomments

Rocklin Unified School District Reports Data Breach, Sensitive Student Data Potentially Disclosed

▸ Data Breach Class Action Investigation

On May 4, 2022, Rocklin Unified School District (“RUSD”) reported a Data Breach to the California Office of the Attorney General, providing notice through its vendor, Illuminate Education.

Illuminate Education, based in Irvine, California, provides student information management services, screening and progress monitoring for academics and social-emotional behavior, and other student tracking services.

According to Illuminate and RUSD, on January 8, 2022, Illuminate became aware of “suspicious activity” within some Illuminate applications used by RUSD.

After investigation, Illuminate determine that:

“certain databases containing potentially protected student information were subject to unauthorized access between December 28, 2021 and January 8, 2022.”

The affected databases may have contained protected data related to current and/or former Rocklin Unified School District students.

For a free privacy consultation fill out the form below or call us at 1-844-BREACH8 (1-844-273-2248).

What Information Did The Data Breach Potentially Disclose?

  • Student name
  • Academic information
  • Behavior information
  • Enrollment information
  • Accommodation information
  • Special education information
  • Student demographic information

Illuminate Education is offering the minor students 12 months of complementary identity monitoring services through IDX.

A full copy of the Rocklin Unified School District / Illuminate Date Breach Notice can be found here.

Illuminate Education’s data breach has impacted students in other school districts as well, including students in Colorado, Connecticut, and over 800,000 current and former New York City students.

The type of data potentially compromised by this data breach should be afforded the highest level of security. As noted by the former California Attorney General,

“The data on students collected and maintained by Ed Tech can be very sensitive, including medical histories, social and emotional assessments, child welfare or juvenile justice system involvement, progress reports, and test results.” [1]

The sensitive nature of this data means that “student information is something that must be handled with great care. [. . . ] As the devices we use each day become increasingly connected, it’s critical that we implement robust safeguards for what is collected, how it is used, and with whom it is shared.”[2]

Special California Privacy Laws Protect Your Information

If your student is a California resident and received a Recent Notice of Data Breach from RUSD/Illuminate Education, you may be entitled to between $100 and $1,000 or your actual damages, whichever is greater. Participants in data breach lawsuits can recover damages, injunctive relief (to make sure that the business has reasonable security practices to protect consumer data from being leaked again), and anything else the court concludes is necessary to compensate data breach victims and prevent these harms from reoccurring.

For free information on your legal right to seek compensation, fill out the form below or call us at 1-844-BREACH8 (1-844-273-2248).

California has laws that specifically protect your personal information.

  • The Student Online Personal Information Protection Act (SOPIPA) requires that every online service used primarily for K-12 school purposes must maintain reasonable security procedures and practices to protect student personal information from unauthorized access, destruction, or disclosure.
  • The California Confidentiality of Medical Information Act (CMIA) requires that every health care provider and health care service plan who maintains medical information do so in a manner that preserves its confidentiality.
  • The California Customer Records Act requires businesses to put into place and maintain reasonable security procedures and practices to protect consumer’s personal information.
  • The California Consumer Privacy Act (CCPA) contains many protections for personal information of California residents.

If certain types of personal information, like medical information and names, are left unencrypted and are accessed, stolen, or hacked because a business didn’t fulfill its obligation to implement and maintain reasonable security, an affected California resident can sue to protect their rights under the SOPIPA, CCPA, and CCRA.  Medical information is additionally covered by the CMIA.

Cyber crimes present an attractive target for hackers: Data can be bought and sold anonymously, and the going rate per personal record is low (under $20 per record, depending on the type of information according to Privacy Affairs Dark Web Index of 2021). Medical records are even more valuable, as they potentially provide access to expensive health care along with other forms of identity theft. Thieves may choose to wait years to capitalize on compromised personal data. The longer cyber thieves can go undetected, the more they stand to profit from their illegal activities.

We Can Help You Exercise Your Legal Rights

Every case is unique.  Even when your data has been part of a breach, despite the provisions of the SOPIPA, CMIA, and CCPA you may not be awarded compensation.

Experienced data breach and class action attorneys can help you exercise your rights, evaluate your options, and decide whether you are entitled to compensation.  There are no out of pocket costs to you, as we only get paid if we prevail.

For free information on your legal right to seek compensation, fill out the form below or call us at 1-844-BREACH8 (1-844-273-2248).

Confidential • No cost • No obligation

Rocklin-Illuminate data breach

Name(Required)
Address(Required)
Did you receive a data breach notification letter?
Consent(Required)

 

[1] Source: Kamala Harris, former Attorney General of California, California DOJ, Ready for School: Recommendations for the Ed Tech Industry to Protect the Privacy of Student Data (2016).

[2] Source: same.