**Landmark Settlement Reached Over 2022 Student Data Breach Affecting Millions**
On November 6, 2025, Connecticut Attorney General William Tong, alongside California Attorney General Rob Bonta and New York Attorney General Letitia James, announced a $5.1 million settlement with Illuminate Education, Inc. over a 2022 data breach that exposed sensitive information of nearly 5 million students. The case marks the first enforcement action under Connecticut’s Student Data Privacy Law.
The breach occurred in December 2021 when hackers exploited credentials from a former Illuminate employee to access unencrypted database files. Compromised data included student names, birth dates, IDs, and demographic details. The breach impacted 28,610 students in Connecticut, 1.7 million in New York, and 3 million in California.
Under the settlement, Illuminate will pay $150,000 to Connecticut, $1.7 million to New York, and $3.25 million to California. The agreement also mandates the company implement enhanced security measures to prevent future incidents.
Illuminate Education, Inc. TPRM report: https://www.rankiteo.com/company/illuminate-education-inc.
"id": "ill1766016307",
"linkid": "illuminate-education-inc.",
"type": "Breach",
"date": "12/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Millions of students',
'industry': 'Education Technology',
'location': 'United States',
'name': 'Illuminate Education, Inc.',
'type': 'Educational Technology Provider'}],
'attack_vector': 'Compromised Credentials',
'data_breach': {'data_encryption': 'No (unencrypted database files)',
'file_types_exposed': 'Database files',
'number_of_records_exposed': '4.728 million students (28,610 '
'in Connecticut, 1.7 million in '
'New York, 3 million in '
'California)',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (PII including names, birth '
'dates, IDs, and demographic details)',
'type_of_data_compromised': 'Student data'},
'date_detected': '2021-12',
'date_publicly_disclosed': '2025-11-06',
'date_resolved': '2025-11-06',
'description': 'On November 6, 2025, Connecticut Attorney General William '
'Tong, along with California Attorney General Rob Bonta and '
'New York Attorney General Letitia James, announced a '
'significant settlement stemming from the enforcement of '
'Connecticut’s Student Data Privacy Law. This case marked the '
"first enforcement action since the law's enactment and "
"involved Illuminate Education, Inc. ('Illuminate'), an "
'educational technology provider whose 2022 data breach '
'exposed sensitive information belonging to millions of '
'students.',
'impact': {'data_compromised': 'Student names, birth dates, IDs, and '
'demographic details',
'financial_loss': '$5.1 million in penalties',
'identity_theft_risk': 'High',
'legal_liabilities': 'Enforcement of Connecticut’s Student Data '
'Privacy Law'},
'initial_access_broker': {'entry_point': 'Compromised credentials from a '
'former employee'},
'investigation_status': 'Resolved',
'post_incident_analysis': {'corrective_actions': 'Implementation of '
'comprehensive security '
'measures',
'root_causes': 'Use of former employee '
'credentials, unencrypted database '
'files'},
'references': [{'date_accessed': '2025-11-06',
'source': 'Connecticut Attorney General Announcement'}],
'regulatory_compliance': {'fines_imposed': '$5.1 million',
'legal_actions': 'Settlement agreement',
'regulations_violated': ['Connecticut’s Student '
'Data Privacy Law']},
'response': {'remediation_measures': 'Implementation of comprehensive '
'security measures'},
'title': 'Connecticut, California and New York Reach Landmark Settlement for '
'Student Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Use of former employee credentials'}