{"id":228099,"date":"2026-06-08T14:17:00","date_gmt":"2026-06-08T18:17:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/08\/ftc-orders-illuminate-education-to-bolster-data-security-after-breach-impacting-10m-students\/"},"modified":"2026-06-08T14:20:14","modified_gmt":"2026-06-08T18:20:14","slug":"ftc-orders-illuminate-education-to-bolster-data-security-after-breach-impacting-10m-students","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/08\/ftc-orders-illuminate-education-to-bolster-data-security-after-breach-impacting-10m-students\/","title":{"rendered":"FTC orders Illuminate Education to bolster data security after breach impacting 10M students"},"content":{"rendered":"<p><a href=\"https:\/\/statescoop.com\/ftc-orders-illuminate-education-to-bolster-data-security-after-breach-impacting-10m-students\/\">FTC orders Illuminate Education to bolster data security after breach impacting 10M students<\/a><\/p>\n<p><a href=\"https:\/\/statescoop.com\/ftc-orders-illuminate-education-to-bolster-data-security-after-breach-impacting-10m-students\/\">https:\/\/statescoop.com\/ftc-orders-illuminate-education-to-bolster-data-security-after-breach-impacting-10m-students\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-08 14:17:00<\/a><\/p>\n<p>Source Domain: <a href=\"statescoop.com\">statescoop.com<\/a><\/p>\n<p>
<\/p>\n<p>The Federal Trade Commission finalized an order Friday against K-12 software vendor Illuminate Education, directing the company to improve its data security measures and barring it from misrepresenting its data privacy practices or breach notification times after a breach in 2021 impacted the data of more than 10 million current and former students.<\/p>\n<p>The final order, which the FTC said was modified following a period of public comment, comes after the federal agency found that Illuminate, which provides student grading and attendance software, allegedly failed to implement reasonable security controls. These failures, the FTC alleged, were contributing factors in a December 2021 cyberattack on the company, which exposed the personal data of about 10.1 million current and former students across dozens of school districts in several states, including New York City\u2019s large public school system.<\/p>\n<p>In the attack, a hacker allegedly used credentials of a former employee to access the data, which included students\u2019 email and mailing addresses, dates of birth, student records, and health-related information. The FTC also alleged that Illuminate ignored security warnings dating back to 2020, such as those from a third-party vendor about security vulnerabilities on its network. Illuminate\u2019s security woes included failing to implement reasonable access controls that safeguard students\u2019 personal information, effective threat detection and response, vulnerability monitoring, and patch management practices.<\/p>\n<p>Additionally, the FTC claimed the company did not inform some school districts of the breach in a timely manner, with some not notified until two years after the breach.<\/p>\n<p>Instead of a monetary settlement, the agency has directed the company to show that it\u2019s making improvements to its data practices. 
The order directs the company to establish a comprehensive data security program and to limit the collection and retention of certain consumer data. It also orders Illuminate to delete unnecessary personal data, and to make public a data retention schedule along with other records demonstrating compliance.<\/p>\n<p>The FTC published the proposed order in December; the June order, which incorporates input from public comment, contains only one substantive change: it explicitly requires that Illuminate engage in data minimization practices, a safeguard\u00a0advocated for by data privacy experts\u00a0that involves collecting, processing or maintaining only the personal data from consumers that is necessary to achieve a specific objective.<\/p>\n<p>Along with the directives to improve its internal data security practices, the FTC\u2019s order also prohibits the company from misrepresenting those data privacy practices in the future. The FTC, in its news release from December about the proposed order, notes that Illuminate\u2019s website states that it protects \u201cyour data like it\u2019s our own\u201d and that it takes \u201csecurity measures\u2014physical, electronic, and procedural\u2014to help defend against the unauthorized access and disclosure of your information.\u201d Illuminate also made these claims in the contracts it signed with school systems, the FTC said.<\/p>\n<p>Illuminate is also required to notify the FTC of any reportable data breaches if another federal, state or local government agency is alerted about them.<\/p>\n<p>\t\t\tWritten by Keely Quinlan<br \/>\n\t\t\tKeely Quinlan reports on privacy and digital government for StateScoop. She was an investigative news reporter with Clarksville Now in Tennessee, where she resides, and her coverage included local crimes, courts, public education and public health. Her work has appeared in Teen Vogue, Stereogum and other outlets. 
She earned her bachelor\u2019s in journalism and master\u2019s in social and cultural analysis from New York University.\t\t<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>FTC orders Illuminate Education to bolster data security after breach impacting 10M students https:\/\/statescoop.com\/ftc-orders-illuminate-education-to-bolster-data-security-after-breach-impacting-10m-students\/ Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":228100,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/statescoop.com\/wp-content\/uploads\/sites\/6\/2026\/06\/GettyImages-2242475840.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,28,35,27],"class_list":["post-228099","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-data-security","tag-hacker","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/228099"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=228099"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/228099\/revisions"}],"predecessor-version":[{"id":228101,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/228099\/revisions\/228101"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/228100"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-js
on\/wp\/v2\/media?parent=228099"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=228099"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=228099"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}