- Illuminate Education has been acquired by Renaissance, according to both ed tech companies’ websites and an email to Renaissance customers on Aug. 24. The transition follows a January cyberattack on Illuminate Education that led to a data breach affecting the nation’s two largest school systems — New York City Public Schools and Los Angeles Unified School District — among others.
- With the acquisition, Illuminate products will now operate under the Renaissance name, said Chris Bauleke, Renaissance chief executive officer, in the email to customers. Illuminate operated a multi-tiered system of supports management platform, while Renaissance provides tools for educational assessments, data-driven insights and teacher-facilitated instructional delivery.
- The acquisition of Illuminate was not related to the security incident earlier this year, Renaissance said on Tuesday in an emailed statement. The amount of the acquisition was not disclosed.
So why did Renaissance acquire Illuminate? Bauleke told customers in the email that adding Illuminate’s products to Renaissance will broaden the company’s ability to deliver assessments and support teachers in providing better feedback and personalized learning to students.
Bauleke acknowledged in the email “that certain [Illuminate] systems containing potentially protected student information were subject to unauthorized access” earlier this year.
“We have no evidence that the data was misused, but, as a precautionary measure, Illuminate has made available identity monitoring for any notified individual,” Bauleke said. “At Renaissance, we have a robust security environment across all platforms to give you confidence that your student data is protected.”
Given the scope of the breach, Illuminate’s problems may not be easily forgotten by some education leaders.
Earlier this month, the nonprofit Future of Privacy Forum said it removed Illuminate as a signatory from its Student Privacy Pledge list, THE Journal reported. This is the first time a company has been removed from the voluntary data protection pledge, and the forum forwarded its decision to federal and state officials for potential legal action against Illuminate.
“Noncompliance with the Pledge when publicly attesting to compliance may be a misleading and deceptive business practice under federal and state law if confirmed by those agencies,” Future of Privacy Forum said in a statement reported by THE Journal.
The New York City Department of Education said Illuminate had promised to encrypt student information in a data privacy and security agreement with the district. However, when the cyberattack happened the district said the vendor had not done so. In June, the department stopped using Illuminate products after the personal data of about 820,000 current and former students were compromised in the attack.
Illuminate said in a previous statement there was no evidence of any fraudulent or illegal activity involving unauthorized access to the data. The company also said it did not store financial information or social security numbers.