Privacy & Security

Major School Research and Assessment Provider Suffers Data Breach

By Benjamin Herold — May 19, 2014 2 min read
  • Save to favorites
  • Print

The American Institutes for Research, a major research and testing organization with a significant presence in K-12 education in the United States, suffered a serious data breach earlier this month.

After one of the organization’s servers was hacked, the sensitive personal information of as many as 6,500 current and former employees, including Social Security numbers and personal credit card information, was compromised, an AIR spokesman confirmed during an interview Monday with Education Week. No student or client information was affected.

“The breach only affected our business systems,” said Larry McQuillan, the organization’s director of public affairs. “By design, student data resides on an external information system independent from the domain that was affected.”

The Washington-based AIR has hundreds of contracts with federal, state, and local agencies, including the United States departments of agriculture, commerce, defense, education, health and human services, and more, according to the group’s website. The organization has been a major provider of both online and pencil-and-paper assessments to districts and states, including Delaware, Minnesota, and Oregon.

AIR also has contracts with the Smarter Balanced Assessment Consortium, one of two major multi-state consortia developing online assessments aligned to the new Common Core State Standards, and the organization provides educational program evaluation and value-added teacher evaluation services to a number of states and districts. It’s worth noting that AIR is currently embroiled in a dispute over a lucrative contract being awarded by the Partnership for Assessment of Readiness for College and Careers. (The executive vice president of AIR, Gina Burkhardt, is also a member of the board of Editorial Projects in Education, the publisher of Education Week.)

President and CEO David Myers alerted AIR employees to the breach via a letter dated May 14, 2014, a copy of which was obtained by Education Week.

“On Monday, May 12, 2014 we determined that unencrypted (plain text) personal information on current and former AIR employees may have been accessed through a hacking incident,” the letter reads. “At this point, we have no evidence that any information was accessed or misused.”

In addition to hiring a “digital forensics firm” to investigate the hacking, AIR is also offering free credit monitoring services to those who may have been affected, even though there is no evidence to date that any sensitive employee information was downloaded from the server.

“We’re notifying [employees] because we don’t want to wait and find out that something bad has happened,” McQuillan said.

Joseph Hawkins, an AIR employee in 1998 and 1999, was among those notified of the breach.

“I’m concerned that my own personal information was not secured,” said Hawkins, who now works as a senior study director with Westat, a research and statistical survey organization based in Rockville, Md. “Given that AIR is constantly dealing with [clients] that require the highest security and encryption, that they didn’t do that for their own employees is to me a serious issue.”

Follow @BenjaminBHerold and @EdWeekEdTech for the latest news on ed-tech policies, practices, and trends.

Related Tags:

A version of this news article first appeared in the Digital Education blog.


Commenting has been disabled on edweek.org effective Sept. 8. Please visit our FAQ section for more details. To get in touch with us visit our contact page, follow us on social media, or submit a Letter to the Editor.


Events

This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Teaching Webinar
6 Key Trends in Teaching and Learning
As we enter the third school year affected by the pandemic—and a return to the classroom for many—we come better prepared, but questions remain. How will the last year impact teaching and learning this school
Content provided by Instructure
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Student Well-Being Webinar
Attendance Awareness Month: The Research Behind Effective Interventions
More than a year has passed since American schools were abruptly closed to halt the spread of COVID-19. Many children have been out of regular school for most, or even all, of that time. Some
Content provided by AllHere
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
School & District Management Webinar
Ensuring Continuity of Learning: How to Prepare for the Next Disruption
Across the country, K-12 schools and districts are, again, considering how to ensure effective continuity of learning in the face of emerging COVID variants, politicized debates, and more. Learn from Alexandria City Public Schools superintendent
Content provided by Class

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

Privacy & Security Spotlight Spotlight on Lessons Learned: Digital Safety
In this Spotlight, review ways you should be approaching student and system data, discover how others teach digital safety, and more.
Privacy & Security Quiz Quiz: How Much Do You Know About Protecting Students During Remote Learning?
Quiz Yourself: What should you know about storing video content involving students?
Privacy & Security Spotlight Spotlight: Online Student Safety
In this Spotlight, assess possible digital vulnerabilities, learn how students may be partaking in digital self-harm, and more.
Privacy & Security Hackers Post 26,000 Broward School Files Online After District Doesn't Pay Ransom
Hackers who demanded up to $40 million from the Broward School District have now published nearly 26,000 files stolen from district servers.
Scott Travis, South Florida Sun-Sentinel
3 min read
Image shows a glowing futuristic background with lock on digital integrated circuit.
iStock/Getty Images Plus