Data breach exposed personal information of over 50000 Naperville students

• The compromised information included the names and dates of birth of 3,700 Naperville District 203 students and 49,000 District 204 students.
• The compromised data also included names and email addresses of around 800 District 203 and 2,300 Indian Prairie staff members.

The personal information of nearly 53,000 students and 3,100 staff in Naperville Community Unit School District 203 and Indian Prairie School District 204 was exposed following a data breach at the third-party vendor, Pearson.

What happened?

Pearson notified the District 203 and District 204 in July that it had experienced a data security incident involving an older version of the Pearson Clinical Assessment's program, AIMSweb that was accessed by an unauthorized third party.

Naperville School District 203 and Indian Prairie School District 204 used AIMSweb 1.0 to track student academic progress of students in kindergarten through eighth grade.

What information was compromised?

The compromised information included the names and dates of birth of 3,700 Naperville School District 203 students and 49,000 District 204 students who attended the districts' schools between 2001 and 2016.

The compromised data also included names and email addresses of around 800 Naperville and 2,300 Indian Prairie staff members. However, no test scores or performance data were involved in the incident.

What was the response?

Following the breach, Pearson Clinical Assessments is offering free credit monitoring to Districts 203 and 204 students and staff whose information may have been compromised in the breach.

Adam Smeets, Chief Technology Officer for Indian Prairie School District 2o4 said that Pearson has worked with cybersecurity experts to evaluate the incident and implement changes to their product in order to prevent such incidents from happening in the future.

“As a school district, we take very seriously the security of all student, family and staff data. Only the most limited data is provided to vendors for required services. Contracts with outside vendors are closely vetted to ensure measures are in place at all times to safeguard that data,” Smeets said in a security notice.