School districts are a playground for hackers. While the education sector does not see as many data breaches as some others (it ranked third in the Identity Theft Resource Center’s 2019 Data Breach Report with 113 breaches), recent school district data breaches – and breaches of their software systems – have highlighted the value to data thieves.
There have been multiple large school district-related data breaches in the last two years, including Georgia Tech, which affected 1.3 million people; education software developer Pearson, which affected 13,000 educational institutions; and education software developer Aeries, which could have affected over 600 school districts. According to Insurance Business America, a study done by Comparitech said that since 2005, K-12 school districts, as well as colleges and universities across the country, have experienced more than 1,300 data breaches affecting more than 24.5 million records. The AZ Mirror reports that Arizona schools have leaked 2.8 million records since 2005. Arizona is second only to California, who has leaked close to 2.9 million records in that same span.
Fortunately, many of the recent school district data breaches do not involve Social Security numbers (SSN). However, a child’s SSN is a common target for hackers because children are not looking at their information for years. By stealing a child’s SSN, medical insurance card or birthdate, hackers could have up to an 18-year head start before a child discovers there is a problem with their credit or personally identifiable information. Threat actors will likely continue to try to find ways to access children’s SSNs to commit child identity theft and synthetic identity theft.
Hackers also see school district data breaches as a prime opportunity to target financial accounts, social media accounts and retail accounts that might be linked to email addresses that they obtain. With email account information, hackers can target victims with spam emails, phishing attempts and harmful software viruses, not to mention credential stuffing to gain access to more sensitive data.
There are steps that parents and children can take to reduce the risk of child identity theft from a school district-related data breach. They include:
- Freezing a child’s credit until they are an adult or plan on using it (for financial aid as an example)
- Not feeling obligated to give a child’s Social Security number on every form; limit the number of places it is given
- Changing email passwords and the passwords of any other accounts that use the same password if impacted by a data breach where an email is compromised
- Considering the use passphrases instead of passwords, which are easier to remember and harder to guess
- Filing an ID Theft Report with the Federal Trade Commission (FTC) and contacting all three credit reporting agencies (CRA’s) to request free credit reports if personal information is being misused
If someone believes they are a victim of a school district data breach, they can live-chat with an Identity Theft Resource Center expert advisor or call toll-free at 888.400.5530. They can also download the free ID Theft Help App for access to resources, a case log and much more.
You might also like…