Company agrees to report to FTC for 10 years for alleged student data lapses
By 
Adrianne Appel2025-12-02T21:52:00
A tech company that stores student information for schools has agreed to implement a data security program and report to the Federal Trade Commission (FTC) for 10 years, after security failures led to data for 10 million students being breached.
Illuminate Education collects and stores personal student data, including birth dates and health conditions, on behalf of schools. A vendor allegedly alerted Illuminate in January 2020 that its network had big security flaws, but the company failed to address them, according to the FTC complaint.
Related articles
-
News BriefFTC orders GoDaddy to upgrade cybersecurity defenses following three breaches
The Federal Trade Commission has ordered web hosting company GoDaddy to implement a “robust” information security program following at least three data breaches that the agency said were aided by lax cybersecurity measures.
-
News BriefRobinhood to pay $45M fine to settle securities law violations by broker-dealers
Robinhood, a disruptive force in the market for Main Street investors but also a serial offender of securities laws, will pay a total of $45 million to settle numerous violations of SEC rules and regulations by two of its broker-dealers.
-
News BriefGovernment contractor fined $307K after third-party hack compromised personal data
It was a double whammy of cybersecurity no-nos for a federal contractor hit with a data breach: The personal data of Medicare beneficiaries contained in unencrypted screenshots were allegedly compromised when their third-party vendor’s server was hacked.
More from Regulatory Enforcement
-
ArticleLarge wound care practice pays $45M, agrees to monitoring
One of the largest wound care practices in the nation and its founder have agreed to pay $45 million and be subjected to third-party monitoring, to settle allegations that the business intentionally overbilled Medicare by priming its electronic medical records system to do so.
-
News BriefSEC dismisses SolarWinds case tied to 2020 cyberattack
The dismissal of charges against SolarWinds for alleged cybersecurity lapses related to a 2020 Russian cyberattack in 2020 are the latest in a continuing pattern of leniency for corporations by the Trump administration.
-
PremiumPart Two: FCPA cases closed by DOJ, SEC since January
Since the start of the Trump Administration, the Department of Justice has been winding down a number of Foreign Corrupt Practices Act investigations with little public attention. This second article further explores how and why these FCPA matters have been closed.