U.S. Schools and Colleges Witness a Huge Rise in Number of Leaked Records

Cyberattacks and data breaches continue to plague the education sector. They are only intensifying year over year. 

What do the findings reveal? 

  • A report from Comparitech revealed that U.S. schools have lost over 24 million records in 1,327 data breaches in the past 15 years. 
  • The report further unveiled that hacking is the primary cause of most data breaches.
  • Data breaches from K-12 schools accounted for the leak of over 1 million records.
  • Verizon in its latest report revealed that in the first fourth months of 2020, the education sector witnessed phishing attacks in 28% of breaches and hacking via stolen credentials in 23% of breaches.

Factors for data leak

Apart from hacking, inadvertent disclosure by the institutions (25.7%), theft or loss of portable devices (13.8%), and insider threats (3.9%) are also responsible for breaches reported so far.

The most affected 

  • Public institutions are affected more by breaches as compared to private ones.
  • California is the most affected state due to the data breaches that occurred in both colleges and K-12 schools. So far, the state has witnessed 157 of 1,328 breaches.

Reckoning the biggest breaches from the past

  • In October 2006, the University of California was hit by a cyberattack allowing a hacker to gain access to a database containing information of 800,000 students, faculty, and staff.
  • In 2010, Ohio State University data breach impacted 750,000 records. The incident occurred due to unauthorized access to the university’s server. 
  • In 2012, hackers gained access to a database belonging to the University of Nebraska and stole 654,000 records of current students and alumni.
  • In 2013, the data breach at Maricopa County Community College District resulted in a loss of 2.49 million records. 
  • In 2018, the San Diego Unified School District revealed a phishing attack that resulted in the compromise of 500,000 records.
  • In April 2019, Georgia Tech announced that nearly 1.3 million current and former faculty members, students, staff, and student applicants were affected due to unauthorized access to a web application.
  • In the same month, Washington State University notified a data breach that occurred due to the loss of a hard drive that contained sensitive information of 1.1 million individuals.
  • In Nevada, three K-12-related breaches affected 673, 487 records, while in Florida, 17 school breaches affected 504,135 records.

What else needs to be worried about?

  • The FBI reported that the ransomware attacks on K-12 schools that leverage Remote Desktop Protocol vulnerabilities have increased notably since September 2019.
  • Such attacks have hit 17 school districts compromising 284 schools between January 1 and April 8. 

Bottom line

Given the rise in attacks by criminals, Collin Bastable, CEO of Lucy Security, has focused on the cybersecurity requirements at educational institutions. He has further added that the staff should also be cyber safe when working from home. 

"Hackers are very smart, and very highly motivated, whereas staff are focused on school life and their public service. It is an uneven battle. The public sector is generally less well-equipped to defend against cybercrime,” Bastable noted