- Departments
- Superintendent's Office
- Business Services
- Educational Services
- Human Resources
MOVEit Vendor Incident (Illuminate) (Kirkland and Ellis) Information
MOVEit Vendor Incident (Illuminate) (Kirkland and Ellis) Information
MOVEit Vendor Incident (Illuminate) (Kirkland and Ellis) Information
What Happened?
On May 31, 2023, we were informed by our third-party software provider, Progress Software, of a global cybersecurity issue involving its MOVEit Transfer solution. MOVEit is a file transfer tool used by governments, companies, and organizations worldwide, many of whom were impacted by this global cybersecurity incident. According to Progress Software, unauthorized actors discovered a previously unknown cybersecurity vulnerability in the MOVEit Transfer software that could be exploited to gain unauthorized access to files being transferred using the tool. After learning of the issue, we quickly initiated an investigation and took steps to secure our MOVEit repository. Through our investigation, we found that, between approximately May 27 and May 31, 2023, an unauthorized third party obtained certain of our files that we transferred through the MOVEit tool.
What Information Was Involved
We have been working diligently to review the involved files to understand their nature and scope. Based on this review, we recently concluded that certain of the involved files may have included one or more of the following categories of personal information:
- student name
- academic and behavior information
- enrollment information
- accommodation information
- special education information
- student disability code and description
- date of birth
- student identification number (non-public number NOT attached to a Social Security Number)
- student demographic information.
The types of student information involved varied by individual.
We can confirm that the data involved did not contain Social Security numbers, credit card numbers, or bank account numbers.
What Are They Doing
Rocklin Unified School District was notified by Kirkland and Ellis regarding the MoveIt incident on October 26, 2023. Since that time we have been engaging with them to identify students who may have had their information compromised. They (Kirkland and Ellis) have been working diligently with leading cybersecurity experts to determine the nature and scope of how the MOVEit cybersecurity issue affected their MOVEIt repository. We also reported and continue to communicate with law enforcement about the issue.
What You Can Do
We regret any inconvenience this may cause you and are informing you about this issue so you can take steps to help protect your student’s information. Steps you can take include:
- Register for Identity Monitoring Services. Kirkland and Ellis has arranged to offer you certain identity monitoring services for your student for one year at no cost to you.
- Remain Vigilant. We encourage you to remain alert for any unsolicited communications regarding your student’s personal information, review account statements associated with your student for suspicious activity, and monitor free credit reports, if available.
- Review the Reference Guide You Received Via Kirkland and Ellis IF Your Student Was Affected. The enclosed Reference Guide you received in the notification provides information on registration for the identity protection services and recommendations on the protection of personal information.
For More Information
For more information please email safedata@rocklinusd.org