ow vulnerable is student data at U.S. public schools? That’s a critical question now that many, if not most, of the nation’s 51 million students are learning online at least some of the time.
Congressional watchdogs recently attempted to get a handle on the cyber security problem in schools. In a report publicly released in October 2020, the Government Accountability Office (GAO) counted 99 school data breaches over the past four years, from July 2016 to May 2020, that compromised the personal information of thousands of students in kindergarten through high school.
Attacks by cyber criminals were rare, the GAO found. More common were unintentional leaks in which private information, such as health records and telephone numbers, were accidentally made public. Students were responsible for more than a quarter of the breaches; their most frequent motive was changing grades.
The GAO relied on a private database of cyber attacks and leaks collected by Doug Levin of EdTech Strategies, a consulting firm. That’s because there’s no federal requirement for school districts to report data breaches. Most states have data breach notification laws but they vary a lot and there’s no obligation for state agencies to disclose them publicly. So the GAO turned to Levin’s K-12 Cybersecurity Resource Center, which has been collecting press clips about school data breaches from around the country and monitoring the states that do publicly report, such as Texas.
However, Levin’s own analysis of the data he shared with the GAO arrived at different totals. He counted 458 data breaches in school districts; 315 involved the unauthorized release of student data. That’s more than four times greater. Levin documented that more than a million student records CONTINUE READING: What happens when there are school data breaches?