Number of Student Data Breaches, Ransomware Attacks nearly Tripled Last Year, report says

Lockport Man Dies in Incident Involving Tractor
March 4, 2020
Law Being Named After K9: Duvall
March 4, 2020

Public K-12 education agencies across the country experienced a total of 348 cybersecurity incidents during calendar year 2019, which is nearly three times as many incidents that were publicly disclosed in 2018, according to a recent report by the K-12 Cybersecurity Resource Center. 


“Many of these incidents were significant, resulting in the theft of millions of taxpayer dollars, stolen identities and the denial of access to school technology and IT systems for weeks or longer,” Cybersecurity Resource said. 


Student and educator data breaches were the most commonly experienced type of incident in 2019, according to the report. Over half of those breaches were due to the actions of insiders to the school community, including edtech vendors and other third-party partners, Cybersecurity Resource said. 



Ransomware, was the most frequent type of cyber incident experienced by schools during 2019, according to the report, which mirrored the experiences of other local government agencies.


Data for the report is drawn from publicly disclosed incidents cataloged on the K-12 Cyber Incident Map.


The K-12 Cyber Incident Map has documented over 775 publicly disclosed incidents affecting students and educators across the country since 2016.


“There are important steps policymakers, IT leaders and educators can collectively take to help mitigate the cyber risks facing school districts,” said Douglas A. Levin, president of EdTech Strategies and report author. “These include investing in greater K-12 IT security capacity, mandating baseline K-12 cybersecurity risk management practices via regulation and supporting enhanced information sharing and research.”


Levin will host a webinar on March 5, that will feature the report’s highlights and commentary from officials on the “front lines” of incident prevention and response.


Last year, Louisiana was no stranger to cyber attacks, as multiple school districts in the state were discovered to have been breached. Those attacks led Gov. John Bel Edwards to issue an emergency declaration and local public schools to take precautionary measures.