TL;DR
According to the Federal Trade Commission (FTC), Illuminate Education, Inc. failed to implement basic, low-cost security measures to protect the sensitive personal data of over 10 million K-12 students. Despite marketing itself as a “trustworthy” custodian of child data, they stored sensitive information in plaintext, used hardcoded access keys, and ignored repeated warnings about “high-risk” vulnerabilities for years. When a breach inevitably occurred, the evil corporation delayed notifying hundreds of thousands of victims (who again, were children) for nearly two years.
This is a systemic failure of corporate oversight. We invite you to read further to understand how the machinery of neoliberal capitalism prioritizes profit margins over the fundamental safety and dignity of our children.
Table of Contents
- The Neoliberal Commodification of the Classroom
- A Chronology of Neglect
- The Economic Fallout and the Human Cost
- Corporate Ethics and the Illusion of Accountability
- Why This Matters for the Well-Being of Society
The Neoliberal Commodification of the Classroom
In the sanitized language of the boardroom, Illuminate Education provides “cloud-based technology products.” In the language of reality, they are a cog in the machinery of neoliberal capitalism, a system designed to strip the public square of its safeguards and turn the intimate details of a child’s development into a harvestable commodity.
When education is privatized, corporate social responsibility becomes a marketing slogan rather than a moral mandate. Illuminate’s failure was not an accident; it was the logical outcome of a system where corporate greed dictates that security is an “expense” to be minimized, while the data of 10 million children is an asset to be leveraged.
A Chronology of Neglect
The following timeline illustrates how Illuminate Education disregarded the safety of the students it was paid to serve, choosing to ignore warnings and leave digital doors unlocked for years.
| Date | Event / Misconduct |
| January 2020 | A third-party security vendor warns Illuminate of “numerous security vulnerabilities” and “High risk” to its network. |
| February 2021 | A second warning from a cybersecurity vendor alerts the company to persistent vulnerabilities; recommendations for better access controls are largely ignored. |
| December 27, 2021 | A threat actor uses the credentials of an employee who left the company three years prior to gain entry into Illuminate’s AWS environment. |
| Dec 28, 2021 – Jan 8, 2022 | For 13 days, the attacker has “unfettered access,” exfiltrating 787 SQL server backups containing the data of 10.1 million students. |
| January 8, 2022 | Illuminate finally discovers the breach after experiencing a massive system outage. |
| March – July 2022 | The company begins initial notifications to some school districts. |
| October 2023 | Nearly two years after the breach, Illuminate notifies an additional 387,000 students whose exposure was previously “missed”. |
| December 2025 | The FTC issues a proposed Consent Order to resolve allegations of unfair and deceptive practices. |
The Economic Fallout and the Human Cost
The economic fallout of this misconduct is not measured in stock prices, but in the permanent vulnerability of the most marginalized.
The exfiltrated data included student names, academic grades, disciplinary records, and even “migrant status” and “disability accommodations”.
For a child living on the edge of poverty, the exposure of their “free lunch” status or special education needs creates a permanent digital shadow that can follow them into adulthood, affecting future employment and insurance!
Corporate Ethics and the Illusion of Accountability
The wealth disparity between the executives who oversaw this negligence and the families who now face a lifetime of identity theft risk is staggering. Illuminate reportedly earned over $120 million in annual revenue while failing to implement “relatively low-cost” security measures like encryption or deleting old data.
When corporate ethics are replaced by the raw pursuit of market share, companies like Illuminate lie to their customers… claiming their practices “meet or exceed” federal standards while leaving student records in plaintext for any low-level hacker to find.
Why This Matters for the Well-Being of Society
This case is a fucked up reminder that public health includes the right to privacy and the safety of our social fabric.
When we allow a handful of powerful corporations to monopolize the data of our youth without any real corporate accountability, we are effectively surrendering our future to the highest bidder.
Society cannot flourish when its most vulnerable members are treated as “leads” or “data points” rather than human beings with a right to a secure childhood.
Here is a press release on this story from the FTC’s website about this data breach of 10 million students: https://www.ftc.gov/news-events/news/press-releases/2025/12/ftc-takes-action-against-education-technology-provider-failing-secure-students-personal-data
💡 Explore Corporate Misconduct by Category
Corporations harm people every day — from wage theft to pollution. Learn more by exploring key areas of injustice.
- 💀 Product Safety Violations — When companies risk lives for profit.
- 🌿 Environmental Violations — Pollution, ecological collapse, and unchecked greed.
- 💼 Labor Exploitation — Wage theft, worker abuse, and unsafe conditions.
- 🛡️ Data Breaches & Privacy Abuses — Misuse and mishandling of personal information.
- 💵 Financial Fraud & Corruption — Lies, scams, and executive impunity.
