When we send our students off to school, we trust that they are being protected by teachers and curriculum to the administration and infrastructure. Education is one of the greatest institutions civilization has, so when we find gaps in the structure, they should be taken seriously. American schools have been experiencing several data leaks in the recent past. We want to talk about where they’re happening, how they’ve taken place, and what we can do to protect our student’s data once it’s been handed off to our education system.
How Did This Happen?
Most cyberattacks are a product of neglect. Phishing scams, ransomware attacks, and social engineering schemes rely on finding a hole in an organization’s cybersecurity plan. Many businesses fail to take a preventative stance when it comes to defending their digital assets, preferring instead to save in the short term. When it comes to business, this decision is often motivated by profit, but when it comes to public schools and their lagging technology, it’s more likely an act of necessity.
In The United States, public schools get overwhelming funding through property taxes and local budgetary expenditures. This, unfortunately, leaves many districts underfunded if located in an area where tax revenue is more scarce. This creates a tight budget for a system that requires a lot of money to run. Across the board, less than 13 percent of a public school’s funding comes from federal sources[1].
With tight budgets and a lack of support from federal coffers, public schools have to choose. Understandably, money is spent on the physical needs of the students. Keeping the lights on, feeding children, and giving them a comfortable environment to learn in tends to take top priority. However, this means hackers are discovering vulnerable and unattended storage solutions ripe for the picking. Since 2005 nearly two thousand data cyberattacks have taken place on public schools in America, hemorrhaging 28.6 million student records[2].
What Data Are We Losing?
If you’ve never registered a student in school, it’s easy to think that schools are just losing grades or detention records. If it were that trivial, we wouldn’t be seeing the loss of millions of student records. In a cyberattack that took place in January of 2022, a breach of Illuminate Education, a software company the New York City’s Department of Education uses to track grades and attendance, gave a hacker access to students’ names, birthdays, ethnicities along with their English-speaking, special-education and free-lunch statuses[3]. In the case of this high-profile breach, no social security numbers or bank information was lost, but 820,000 individuals had their personal information flung to the wind through no fault of their own.
In the case of New York City’s cyberattack, students and their families got away without losing anything ruinous, and, in some cases, a security breach ends up being a district-wide perfectly synchronized Rickroll at the hands of a savvy senior[4]. Those stories are in the minority. We see millions of students losing their social security numbers along with every single piece of identifying information before they’re even old enough to drive[5], and these attacks cost school districts well over $6 billion of their already limited budgets[6].
Taking a Proactive Stance
Protecting data in school systems will require work. In the modern age, there’s no way around that. Encrypting data, decentralizing storage systems, and protecting storage solutions with more than a password written on a stray sticky note is the key to the fight against school data breaches. With a coordinated push and a little investment, American schools can reclaim the billions of dollars they’ve lost to data breaches and redirect those funds back into the education system. We here at AXEL have been building a platform that protects the security and privacy of any student, teacher, or small business.
You can try AXEL Go Premium with all features unlocked free for 14-days. Sign up today and see how AXEL Go can improve your workflow and harden your organization’s cybersecurity.
References
[1] “Public School Revenue Sources – National Center for Education Statistics” Accessed April 7, 2022. https://nces.ed.gov/programs/coe/pdf/coe_cma.pdf.
[2], [5] “US Schools Leaked 28.6 Million Records in 1,851 Data Breaches since 2005.” Comparitech, January 21, 2022. https://www.comparitech.com/blog/vpn-privacy/us-schools-data-breaches/#:~:text=US%20schools%20leaked%2028.6%20million%20records%20in%201%2C851%20data%20breaches%20since%202005,-Sam%20Cook%20Data&text=Since%202005%2C%20K%E2%80%9312%20school,more%20than%2028.6%20million%20records.
[3] Bamberger, Cayla, and Jesse O’Neill. “Personal Data of 820,000 NYC Students Compromised in Hack.” New York Post. New York Post, March 27, 2022. https://nypost.com/2022/03/26/nyc-students-have-personal-data-hacked/.
[4] Hanson, Melanie, and Fact Checked. “U.S. Public Education Spending Statistics [2022]: Per Pupil + Total.” Education Data Initiative, March 21, 2022. https://educationdata.org/public-education-spending-statistics#:~:text=States%20contribute%20a%20total%20of,funding%20is%20equivalent%20to%202.62%25.
[4] Tangermann, Victor. “Teen Hacks School Computer System, Rickrolls Entire School District.” Futurism. Futurism, October 14, 2021. https://futurism.com/the-byte/teen-hacks-school-computer-system-rickrolls-entire-school-district
[6] Blacher, Mitch. “Despite Billions in Federal Money, American Schools Remain Vulnerable to Cyberattacks.” WJLA. WJLA, March 7, 2022. https://wjla.com/features/i-team/school-cyber-attacks-hacks-records-federal-money-vulnerable-america-us-dc-maryland-virginia.