Here's what we emailed September 20, 2021.
America’s surge in ransomware attacks this year has a new victim: public school students. A recent analysis by NBC News shows how data from over 1,200 K-12 schools has been published online so far this year. These breaches include students' sensitive and identifying information, from name and date of birth to social security numbers, health records, and even whether or not they're an immigrant, homeless, or economically challenged.
Criminal hackers willing to pay for this exposed data then use it to try to open credit cards or loans in the student’s name. For example, hackers broke into a school district near the Texas southern border last December and gained access to a spreadsheet titled “Basic student information” with roughly 16,000 students’ information. The sheet included all aforementioned categories of data in addition to flags for possible dyslexia. After the district followed the FBI’s recommendation not to pay the ransom, the hackers posted the information online.
While parents were notified, there aren’t guidelines for what parents should do in this situation. The district’s cyber insurance paid for free credit monitoring for staff, but parents are left to be their kid’s data security and privacy experts.
Worse yet is when students are unaware their data has been exposed and they remain targets of identity theft for the rest of their lives. In fact, many schools NBC reached out to didn’t know their students’ information was circulating on the dark web. Some students may not realize their credit has been damaged by these hackers until they apply for credit as adults.
Such ransomware attacks are a more recent threat, but schools have been struggling with data breaches for nearly a decade. A 2020 report found at least 99 K-12 schools were involved in unintentional data breaches, a quarter of which were students accidentally leaking information while attempting to change their grades. Schools have also faced other costly attacks. The same 2020 study found that over $17.5 million in education funds have been stolen from districts through email phishing scams preying on school staff — one Texas school district lost more than $600,000 as a result.
And while the Biden administration has made stopping these extremely disruptive attacks a national-security priority, guidance for schools is not yet the focus. Data on the severity of such breaches is also limited as schools are currently not required to report when data breaches occur.
🎬 Take Action
The president of Identity Theft Resource Center, a nonprofit helping victims of data theft, says the number one way to protect students is to freeze a child’s credit. Though time-consuming, completing the process with all three major credit monitoring services (Experian, Equifax, and TransUnion) is seen as an essential step for child digital safety.
- The Verge (Where we found this story) 10 days old | 5 minutes long
- NBC News Detailed original report 10 days old | 10 minutes long
- Hechinger Report 2020 report on student information leaks 1 year old | 8 minutes long
- NY Magazine Surge in U.S. ransomware attacks & Biden’s response 2 weeks old | 16 minutes long
[ASCII art: a sheet of continuous-feed printer paper reading "STUDENT DATA LOADING"]
Art Credit: ASCII Art Archive