Nearly 32 Million Records Leaked in School Data Breaches Since 2005: Report
Credit: Image Credit: boonchai wedmakawand / Moment / Getty Images- Around 32 million individual records have been leaked as part of school data breaches since 2005, according to a report from Comparitech.
- There have been 2,691 data breaches at education institutions, including colleges and K-12 school districts, in that time frame.
- 2021 saw the highest number of data breaches, particularly after the widespread Illuminate Education breach, which affected at least 605 separate institutions.
- Most records affected were from postsecondary institutions.
Almost 32 million individual records have been leaked as part of school data breaches since 2005, with the majority of those records being from postsecondary institutions, according to a new report.
The consumer information website Comparitech analyzed a broad range of data breach notification tools, news sources, and industry resources to determine that there have been 2,691 data breaches at educational institutions in the U.S. since 2005.
Comparitech found that 2021 saw the highest number of breaches, particularly after the wide-reaching Illuminate Education breach that affected more than 600 institutions.
While 51% of all breaches analyzed by Comparitech occurred at K-12 schools — a number spurred higher by the Illuminate breach — the vast majority of records (81%) affected by breaches were from postsecondary institutions.
Many of the largest known data breaches affected colleges, with the 2013 Maricopa County Community College District breach exposing records of nearly 2.5 million students, graduates, and staff, according to Comparitech. Other notable higher education data breaches include the 2019 Georgia Tech database hack and 2017 theft of a hard drive backup at Washington State University, both of which affected more than a million records.
Education breaches come in a number of forms, from deliberate hacks to accidental leaks. Late last year, the cybersecurity firm vpnMentor reported that more than 100,000 students’ data was exposed as part of a McGraw Hill data breach involving misconfigured cloud storage buckets. McGraw Hill told BestColleges that the company secured the files over the summer.
An investigation from the Markup last year found that identifying information from people who filled out the Free Application for Federal Student Aid (FAFSA) in early 2022 might have been sent directly to Facebook’s parent company Meta.
There have been 11 educational data breaches reported so far this year, Comparitech reported, with more than half of those being ransomware attacks.
Comparitech previously reported that ransomware attacks on schools and colleges in the U.S. cost $3.56 billion in 2021 alone. Comparitech noted that data breach notification rules were not universally in place throughout the studied period, and some previous breaches might have gone unreported.