Data breaches hit thousands of K-12 students, federal watchdog reports

Thousands of K-12 students were affected by 99 reported data breaches in the United States over the last four years, according to a Government Accountability Office analysis published this week.

Student academic records were most commonly compromised, including assessment scores and special education records. Coming in second were records with personally identifiable information, such as student Social Security numbers, according to the analysis of data from July 2016 to May 2020.

Key findings: Wealthier, larger and suburban districts were more likely to report a breach, the report says, citing information from the Cybersecurity Resource Center.

“Breaches were either accidental or intentional, although sometimes the intent was unknown, with school staff, students, and cybercriminals among those responsible,” the GAO report said. “Reports of breaches by cybercriminals were rare but included attempts to steal [personally identifiable information].”

Background: As schools rely more on information technology systems, they collect more student data electronically that can put student information at risk of disclosure, the report warns. Distance learning during the pandemic has put a spotlight on K-12 cybersecurity issues.

This summer, the FBI alerted private industry that new cyberattacks were likely ahead as schools began virtual learning. Following that warning, districts like the Fairfax County school system near Washington, D.C., fell victim to ransomware attacks, and a Miami-area teenager blocked thousands of students and staff from classes during their first week of online learning.