Student data is a treasure trove for hackers.
In a recent FBI Alert, the agency warned that the rapid growth of educational technologies combined with the increased collection of student information is the proverbial disaster waiting to happen.
“Malicious use of this sensitive data could result in social engineering, bullying, tracking, identity theft or other means for targeting children,” said the agency.
While the growth of interactive educational technologies provides enhanced learning opportunities for students, improperly secured devices such as laptops and tablets – especially those with remote-access capabilities – “could be exploitable through cyber intrusions or other unauthorized means and present vulnerabilities for students.”
The agency’s alert noted several cyber-attacks last year in U.S. secondary education school districts. In one attack, student contact information, education plans, homework, medical records and counseling reports were compromised by hackers and used “to contact, extort, and threaten students with physical violence and public release of their information.” In other incidents, educational technology firms were breached and student data was posted for sale on the Dark Web. And in another instance, a public-facing server was used to store sensitive student information, “resulting in public access to millions of students’ data.”
The FBI made several recommendations:
- Research existing student and child privacy protections of the Family Educational Rights and Privacy Act, the Protection of Pupil Rights Amendment, the Children's Online Privacy Protection Act, and applicable state laws;
- Consider how educational technologies and programs are used in school districts; and
- Research forming parent coalition and information-sharing organizations which are available online for collaborative purposes.
Other federal agencies have taken note of the cyber risks inherent in the storage and transmission of student information. In February, the Internal Revenue Service released an "urgent alert" about scammers targeting school districts with W-2 phishing schemes. And last year, the U.S. Department of Education cautioned that cyber criminals were targeting school districts.