By: Tonya Mead, CFE, PI, MBA, MA Educational Psychology
In August 2016, A data breach exposing the personal confidential information of 23,000 current, former students and staff occurred in the largest school district in San Antonio, Texas. In addition to the harm caused to the victims, this information is noteworthy because the incident was not publicized until five months later.
While school officials took this time to investigate the matter and secure school email accounts; thousands of victims were uninformed and thereby unable to take the security precautions. Some security measures to take would have been to:
- scrub or change their online personal user name, passwords, and challenge questions,
- to de-link their school accounts with their other assorted handles used for social media and the like.
But the victims didn’t get the chance to do so until five months later.
This is symptomatic of the lack of emphasis on information and cyber security in the education sector. This sector ranks second to health care for records stolen globally. The federal U.S. Department of Education has one of the lowest FITARA scores when compared to other government agencies. Finally, the firm BitSights, annually scores industries and individual companies as an assessment of their overall information technology security. In this regard, once again, the education sector was evaluated with a “D” grade. According to BitSight Technologies, companies [or industries] with a botnet grade of B or lower were more than twice as likely to experience a publicly disclosed data breach” [page 1 of the Whitepaper].
- Botnets and identity theft
- FITARA score low for US Department of Education
- Hack for enrollment
- 40 million vulnerable bank records
- 23,000 student records hacked
Bitsight, “Bridging the Gap: How Cyber Security Practices & Data Breaches Are Connected.” Bitsight Insights Volume 6, Cambridge, MA, April 2015.
Tonya J. Mead, CFE, PI, MBA, MA, Certified K-12 Administrator and School Psychologist is author of Fraud in Education: Beyond the Wrong Answer and president of Shared Knowledge, LLC http://ishareknowledge.com