Parents are still searching for answers, weeks after hackers snatched the personal details of thousands of people from the coding school for kids iD Tech, with some concerned that their children’s information could have been compromised by the breach of data.
iD Tech, which provides classes on campus and online coding and tech courses for children, has not yet confirmed the breach, or even inform parents.
News of the breach was announced in February after an attacker on an online cybercrime forum claimed to have compromised iD Tech a month earlier on the 3rd of January.
The hacker claimed that he had stolen more than 1 million user data which include names and dates of birth, passwords in plaintext, and around 415,000 email addresses of which iD Tech did not dispute when contacted via email. This could translate to every parent’s account having at least one child in the classes at the camp for tech.
A few parents found out on March 6 when notification services for data breaches such as Have I Been Pwned acquired the information and sent notices to families affected. Parents also found out through other services, such as Firefox or their device’s security software, informed that their personal information was included in the data breach.
One parent who was informed via a breach notification service that their personal information had been stolen, was told by TechCrunch that the information stolen is just a fraction of the data iD Tech collects on account holders and children who utilize its platforms, such as gender billing information, gender, and health information, such as immunizations.
The parent stated that the data breached must have to do with the child’s day of birth since they never offered their own.
The parent claimed it was iD Tech that has not yet been notified about the security breach. The parent then contacted the company to inquire about the breach, iD Tech claimed that it had already informed the affected account holders.
In fact, iD Tech has not publicly acknowledged the breach either on its website or on any social media channel. There’s no evidence to suggest that iD Tech has notified affected users of the breach.
If contacted via email, iD Tech CEO Pete Ingram-Cauchi refused to discuss how the firm hasn’t publically confirmed the breach. Ingram-Cauchi was unable to share a copy the email which iD Tech claims to have sent to parents. The company did not say that the breach was reported to the state’s attorneys general as per the laws governing notification of data breaches.
However, iD Tech provided a brief statement via an unidentified company email address refusing to comment regarding the ongoing investigation. The email’s sender refused to disclose their name in this report.