After one of the organization’s servers was hacked, the sensitive personal information of as many as 6,500 current and former employees, including Social Security numbers and personal credit card information, was compromised, an AIR spokesman confirmed during an interview Monday with Education Week. No student or client information was affected.
“The breach only affected our business systems,” said Larry McQuillan, the organization’s director of public affairs. “By design, student data resides on an external information system independent from the domain that was affected.”
The Washington-based AIR has hundreds of contracts with federal, state, and local agencies, including the United States departments of agriculture, commerce, defense, education, health and human services, and more, according to the group’s website. The organization has been a major provider of both online and pencil-and-paper assessments to districts and states, including Delaware, Minnesota, and Oregon.
AIR also has contracts with the Smarter Balanced Assessment Consortium, one of two major multi-state consortia developing online assessments aligned to the new Common Core State Standards, and the organization provides educational program evaluation and value-added teacher evaluation services to a number of states and districts. It’s worth noting that AIR is currently embroiled in a dispute over a lucrative contract being awarded by the Partnership for Assessment of Readiness for College and Careers. (The executive vice president of AIR, Gina Burkhardt, is also a member of the board of Editorial Projects in Education, the publisher of Education Week.)
Nothing to see here, move along and take your tin foil hats with you… This is a great example of why we are concerned about student data mining (besides it being a violation of privacy). The student databases are not 100% secure.