CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

FTC settlement mandates Illuminate Education to delete unnecessary student data and improve security

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

The Federal Trade Commission (FTC) has proposed a settlement with Illuminate Education, requiring the company to delete unnecessary student data and enhance its security measures. This follows a 2021 incident where a hacker accessed Illuminate's systems using a former employee's credentials, exposing the personal data of approximately 10.1 million students. The FTC alleges multiple security failures, including poor access controls, weak vulnerability monitoring, and plain-text storage of sensitive data. The settlement also requires Illuminate to stop misrepresenting its security practices and notify the FTC of any future data breaches. The order is open for public comment for 30 days, with violations incurring civil penalties.

Timeline

  1. 02.12.2025 22:50 1 articles · 23h ago

    FTC proposes settlement with Illuminate Education over 2021 data breach

    The FTC has proposed a settlement with Illuminate Education, requiring the company to delete unnecessary student data and enhance its security measures. The settlement follows a 2021 incident where a hacker accessed Illuminate's systems using a former employee's credentials, exposing the data of 10.1 million students. The FTC alleges multiple security failures and misrepresentations by Illuminate, leading to the proposed settlement.

    Show sources
    Open in new tab

Information Snippets

  • Illuminate Education is a cloud-based technology provider for K-12 schools, offering tools to collect, organize, and analyze student data.

    First reported: 02.12.2025 22:50
    1 source, 1 article
    Show sources

  • In December 2021, a hacker accessed Illuminate's systems using credentials from a former employee, exfiltrating data of 10.1 million students, including email addresses, physical addresses, dates of birth, student records, and health-related information.

    First reported: 02.12.2025 22:50
    1 source, 1 article
    Show sources

  • The FTC alleges Illuminate failed in its security program, including lack of access controls, poor detection and response, weak vulnerability monitoring, and plain-text storage of data.

    First reported: 02.12.2025 22:50
    1 source, 1 article
    Show sources

  • Illuminate misrepresented its security stance and data protection measures in contracts, claiming to meet or exceed industry best practices, including data encryption.

    First reported: 02.12.2025 22:50
    1 source, 1 article
    Show sources

  • The FTC settlement requires Illuminate to delete unnecessary data, follow a public data-retention schedule, stop misrepresenting its security practices, and notify the FTC of any data breaches.

    First reported: 02.12.2025 22:50
    1 source, 1 article
    Show sources

  • The order is open for public comment for 30 days, with violations incurring a civil penalty of up to $51,744 per case.

    First reported: 02.12.2025 22:50
    1 source, 1 article
    Show sources