Penalty Amount
$5,100,000
Consumers Affected
4,728,610
Connecticut Attorney General William Tong, along with California and New York Attorneys General, settled with Illuminate Education, Inc. for failing to protect student data in a breach that exposed personal information of millions of students. The settlement, the first under Connecticut's Student Data Privacy Law, requires Illuminate to pay $5.1 million and implement enhanced cybersecurity measures.
Illuminate must pay $5.1 million and adopt measures including reviewing contracts, employing data safeguards, access controls, risk assessments, establishing a right to delete data, monitoring vendors, and obtaining third-party security assessments.
Entity
Illuminate Education, Inc.
Also known as: Illuminate Education
Industry
TechnologyOfficial Press Release
https://portal.ct.gov/ag/press-releases/2025-press-releases/attorney-general-tong-enters-into-settlement-in-first-action-under-student-data-privacy-law
illuminate education avc ct fully executed 103025.pdf?rev=c1
https://portal.ct.gov/-/media/ag/press_releases/2025/illuminate-education-avc-ct--fully-executed-103025.pdf?rev=c1b494f168ea413886ade5983a62afe0&hash=57D77A8E4F5595FCF16A00239839BC18
Connecticut Attorney General Enforcement Page
https://portal.ct.gov/AG/Privacy/Privacy-Resources
The FTC proposed a consent order against Illuminate Education, Inc. for failing to secure student data, leading to a breach affecting over 10 million students. The company allegedly had security failures and delayed breach notifications. The order requires a data security program, data deletion, and a retention schedule.
$5.1M
Illuminate Education, Inc. suffered a data breach in 2021 due to security failures, exposing sensitive student data including medical conditions across millions of students. The company has agreed to pay $5.1 million in settlements to California, Connecticut, and New York and implement injunctive relief to strengthen data security practices.
$5.1M
Illuminate Education, Inc. experienced a data breach in 2022 that exposed personal information of millions of students due to inadequate security measures. A multistate investigation by New York, California, and Connecticut Attorneys General resulted in a $5.1 million settlement requiring Illuminate to enhance cybersecurity practices and pay penalties.
$100K
The Connecticut Attorney General announced a $100,000 settlement with Spruce Power 3, LLC to resolve an investigation into billing, customer service, and warranty issues stemming from consumer complaints. The settlement includes refunds for improper charges and requires reforms to improve billing practices and response times. Separately, an investigation was initiated into SunStrong Management LLC based on approximately 65 consumer complaints regarding warranty failures, unresponsiveness, and fees.
Connecticut Attorney General William Tong joined a coalition of 17 attorneys general in filing a lawsuit against the U.S. Department of Education to stop new data reporting requirements under IPEDS that demand detailed student information. The coalition argues the requirements are unlawful, arbitrary, and jeopardize student privacy by requesting in-depth data that could lead to inadvertent errors and baseless investigations. The lawsuit seeks an injunction to block the implementation of these requirements.
Connecticut Attorney General William Tong, joined by 17 other attorneys general, filed a lawsuit against the U.S. Department of Education to block new IPEDS data reporting requirements that demand student information disaggregated by race and sex. The coalition argues the rushed implementation is unlawful, invades student privacy, and risks unreliable data and baseless investigations. They seek an injunction to halt the data collection and protect student privacy.