August 8, 2019 - Recently, we were made aware of a data breach involving information maintained by one of our vendors, Pearson Education. In the official letter we received from Pearson (attached below), we learned that an unauthorized third party gained access to data related to one of their products, AIMSweb 1.0. Based upon their review, Pearson believes the incident occurred on or around November 2018.
AIMSweb is a website used by many schools, including those in West Shore, for assessment and progress monitoring. While Pearson does not have any evidence that the data accessed has been misused, out of an abundance of caution, we wanted to provide information about the breach to all members of our community. Additionally, due to the timing, we felt it would be helpful to make sure our high school families understood that the data breach is not connected to the Chromebook program.
In their letter, Pearson indicated the following data may have been affected:
- Students’ first and last names
- Students’ dates of birth and email addresses
- Account administrators’ first and last names
- Account administrators’ job titles, work email addresses, and work addresses
Although AIMSweb is an assessment tool, it is important to note that grades and assessment information were not affected. Additionally, Pearson’s platform does not contain Social Security numbers, credit card data, or other financial information.
We have secured the list of impacted individuals and information from Pearson, and it appears our accessed data does not include student email addresses. However, the list does contain the date of birth of current and former students spanning multiple school years. We are currently matching names with available contact information and later this week will make every effort to notify those individuals by email. UPDATE: Notification was sent via email to families impacted on Friday, August 9. Only those families with children who had data breached were sent the email. This data breach did not impact all our families. Additionally, after reviewing the list of account administrators, we have determined that all accessed data is readily available public information, such as work email addresses, and therefore, no individual contact with staff will be made.
As a result of this incident, Pearson is offering complimentary credit monitoring services from Experian for affected individuals. This option is being provided for those who wish to enroll as a precautionary measure. If you are interested in learning more about this option, please call Pearson at 1-866-883-3309 or email firstname.lastname@example.org.
We take data security very seriously, and while this was not an attack on our systems or our data retention, we work to ensure our third-party vendors, such as Pearson, place the same value on data security as we do. We were pleased to learn Pearson is undergoing a review to determine additional steps they can take to prevent recurrences of a similar nature in the future.
If you have additional questions regarding this matter, please do not hesitate to contact us at email@example.com.