Letter about Pearson breach has been mailed

Nearly 3,200 letters have been mailed to parents in the Scotia-Glenville community regarding the security data breach of the Aimsweb 1.0 program used in the past by Scotia-Glenville. This Pearson Education program is no longer used by Scotia-Glenville. The data breach was discovered last November and schools were contacted about this in July.

If you do not receive a letter, your child’s information was not part of this incident.

In Scotia-Glenville’s case, somebody may have accessed student names and birth dates. These records go back for 13 years, so many of the students are no longer at Scotia-Glenville.

Here is the letter that was mailed today:

Dear Parent/Guardian:

The Scotia-Glenville Central School District was informed on August 21 of a data breach involving an older version of AIMSweb, a product of Pearson Education, Inc.

We have been advised that Pearson has discovered that some personally identifiable student information, names and dates of birth only, stored by Pearson in the older AIMSweb 1.0 platform, was accessed by unauthorized users. We are sending you this letter because we believe that information regarding a child of yours was among the information that was accessed without authorization.

Working with the instructional technology support team at the Northeast Regional Information Center, this is what we know:

  • The unauthorized access occurred in November 2018, Pearson discovered it in March 2019, and Pearson began notifying school districts in July 2019;
  • The records of approximately 3161 Scotia-Glenville Central School District students were accessed without authorization;
  • The information about each student accessed by unauthorized users was the student’s first and last names, and the student’s date of birth;
  • The information stored in the software version currently used by the District, AIMSWeb Plus, was not accessed. However, the unauthorized users gained access to student information stored in an older version of the software called AIMSweb 1.0; and
  • This breach of Pearson’s digital security has affected approximately 13,000 districts in several states.

Pearson, with the assistance of external cybersecurity experts, launched a review and confirmed the existence of the incident and the impacted data. The design of the database and application limited the data that was accessed to the information specified above.

Please know that Scotia-Glenville Central School District is committed to protecting and securing educational data. Our team has training related to data security and privacy, and our systems have controls in place to protect your child’s educational records. Additionally, we have received assurances that Pearson has taken the necessary steps to mitigate the incident and is enhancing protections to guard against similar events.

While there is no evidence that the information described above has been misused, Pearson is offering complimentary credit monitoring from Experian for one year for affected individuals as a precautionary measure. If you are interested in learning more about this option, please call Pearson at 866-883-3309 or email aimsweb1request@pearson.com.

Please contact Karen Swain at kswain@sgcsd.net with any questions you may have regarding this incident and our response.

Sincerely,

Susan M. Swartz
Superintendent of Schools