Tuesday, September 3, 2019

Pearson AIMSweb 1.0 Data Breach – What You Should Know

All,

As you may have heard recently through your Principal or in the media, the Boulder Valley School District found out that it is one of more than 13,000 school districts and universities that have been impacted by a data breach at one of our key vendors – Pearson.

First, it is important to know that this breach impacted current and former Boulder Valley School District students. The breach, although significant, was contained in BVSD to name and date of birth.  No other personal information was breached through this event at Pearson.

This information is being shared so that you are aware of the situation and can better answer any parent or community member questions that may come up.

The Pearson AimsWeb 1.0 Data Breach
BVSD learned in August 2019 that an unauthorized third party gained access to Pearson’s AIMSweb 1.0 system in November 2018.  Pearson was made aware by the FBI in March 2019 but was restricted in communicating to BVSD sooner due to the ongoing investigation.

We have notified individuals directly impacted by the breach by mail. Families would have received a letter by August 30 if they were affected. Pearson is paying for the expense of notifying families and for identity or credit monitoring service through Experian.

It is important to note that at this time, Pearson has no evidence to suggest that the breached information has been misused.

Why was BVSD Using AimsWeb 1.0?
Pearson is best known as the publisher of print and digital textbooks but also develops education-related software. BVSD used AIMSweb 1.0 to track progress, inform instruction, and provide updates to parents. AIMSweb 1.0 was permanently taken out of service in July.

Our own internal investigation found no other Pearson products to be impacted by this breach.

Next Steps
I take the safety and security of our students, staff, and their data extremely seriously – as does our entire leadership team.  BVSD already has many proactive processes in place to help prevent student data breaches, and we continue to reevaluate our processes for improvements.

Additionally, BVSD continues to be in compliance with the Colorado Student Data and Transparency Act and remains vigilant in protecting student data. We will continue to work with Pearson and other vendors to ensure everything possible is done to protect the privacy of student data.

Working together, we can minimize threats, including phishing attacks, viruses, malware, and ransomware.   As always, please chime in below with your thoughts, comment, and ideas on this topic.

Andrew