Pearson Data Security Incident - Frequently Asked Questions (FAQs)
Exactly what happened?
The Clark County School District (CCSD) became aware that one of its vendors, Pearson Clinical Assessment, had suffered a data security incident in an older version of their AIMSweb system, AIMSweb 1.0.
An unauthorized third party gained access to a set of data related to the AIMSweb 1.0 platform.
Whose information was accessed?
This incident may have impacted up to approximately 560,000 students enrolled at CCSD between 2008 and 2019, and a smaller number of staff members.
When did this happen?
Pearson believes this incident occurred on or around November 2018. The CCSD Technology Division became aware of this incident on Wednesday, July 31, 2019 and proactively reached out to Pearson immediately. Confirmation was received that our district was impacted on Thursday, August 1, 2019.
Why are we being notified now?
Although it is not clear whether your student’s directory information was affected by the security incident, or that any data was misused, out of an abundance of caution and in order to ensure transparency to our families, CCSD issued the notification.
It is common for an incident like this to not be discovered for many months. Public disclosure may also be delayed while law enforcement conducts investigations into the incident.
What information was potentially accessed?
The student data that may have been affected by the security breach was limited to students’ first names, last names, and in some instances, dates of birth.
A smaller number of staff members’ names and email addresses were also exposed, but in most cases the contact information is outdated.
No other data was part of the security incident; it was limited only to the above mentioned directory information.
What should I do if my children were enrolled during the school years impacted by this event?
- Every person must carefully consider their own course of action in all matters of privacy
- Pearson is offering free access to credit monitoring services for individuals who may have been impacted
- View the instructions from Pearson (PDF)
Was the information released a violation of the Family Educational Rights and Privacy Act (FERPA)?
The information in question is considered “directory information.” Directory information is information not generally considered harmful or an invasion of privacy if disclosed. This includes student’s name and date of birth.
Since this incident potentially affected the release of directory information, you as a parent or former student have the right to file a complaint with the Family Policy and Compliance Office at:
Family Policy and Compliance Office
400 Maryland Avenue, SW
Washington, DC 20202-4605
Phone: (202) 260-3887
How can I protect my identity online?
Here are a few tips:
- Use up-to-date security software
- Use strong passwords
- Only use reputable websites when making purchases
Also, you're entitled to one free copy of your credit report every 12 months from each of the three nationwide credit reporting companies. Order online from annualcreditreport.com, or call (877) 322-8228.
You may “freeze” or “secure” credit in order to keep an identity thief from establishing a new account in your name or your child’s name.
Online: Equifax Freeze Page
By phone: 800-685-1111
By Mail: Equifax Security Freeze
P.O. Box 105788
Atlanta, Georgia 30348-5788
By phone: 888-397-3742
By Mail: Experian Security Freeze
P.O. Box 9554, Allen, TX 75013
By Phone: 888-909-8872
By Mail: TransUnion LLC
P.O. Box 2000 Chester, PA 19016