A research from technology website Comparitech revealed that K–12 school districts and colleges across the U.S. have suffered over 1,300 data breaches since 2005. More than 24.5 million records have been compromised in the data breaches.
According to the research, hacking is the topmost cause of data breaches in schools and colleges, with 45.9% of hacking incidents reported. Accidental data disclosure is second with 21% incidents in schools and 27.3% in colleges, followed by data theft or loss of data storage devices (11.1% in schools, and 14.7% in colleges).
Other findings from the research include:
- California is a hot spot for both college and K-12 data breaches with 12.2% of the 985 college data breaches and 10.6% of the 21.5 million records affected.
- New York reported most of the data breaches, with 63 breaches affecting almost half a million records.
- Arizona is one of the worst-hit states by number of records affected, with 2.83 million people affected.
- Wyoming is the only state to have no known reported education breaches.
- 2008 had the most education data breaches, but 2013 and 2017 were the biggest years by the number of records affected.
- The majority of records compromised in college data breaches with 3.07 million and 2.9 million records affected in 2013 and 2017 respectively.
- The biggest years for K–12 schools were 2018 and 2019 with 991,340 and 804,734 records affected, respectively.
“There does not appear to be any kind of trend in the breach numbers for K-12 schools or colleges, nor does there seem to be a pattern with college records affected. However, over the past few years, there has been a significant increase in the number of school records affected,” the report said.
Ransomware Attacks on K-12 Schools
Earlier, a similar report revealed that around 86 universities, colleges, and school districts were impacted, which in turn disrupted operations of nearly 1,224 individual schools due to ransomware attacks. The report also shared a list of top three incidents of public schools being affected by ransomware attacks.
K-12 Cybersecurity Act
In order to address the rising cyberthreats on K-12 schools, two U.S. Senators, Gary Peters (Michigan) and Rick Scott (Florida), both members of the Senate’s National Security and Government Affairs Committee, have tabled a bill called “K-12 Cybersecurity Act” in December 2019. The Act directs the DHS Cybersecurity and Infrastructure Security Agency (CISA) to first study the specific cybersecurity risks associated with K-12 educational institutions. Once the study is done, CISA will then be responsible to develop cybersecurity recommendations and set up online tools to help schools with their cybersecurity requirements.