The largest state-run virtual school in the country revealed two major data breaches last week, the latest in a string of cybersecurity incidents affecting the nation’s students and teachers.
In one of the breaches, the personal information of more than 368,000 students who have taken courses at the Florida Virtual School was left unsecured online for almost two years, exposing them to potential identity theft, the school said.
In the other, which occurred during the same time frame, hackers obtained data being transferred between FLVS and Florida’s Leon County school district, allowing them to collect the Social Security numbers, addresses, phone numbers, spouses’ names, personal contact information, and emergency contacts of more than 1,800 Leon County teachers.
“FLVS takes its obligation to protect the privacy of personal information very seriously and deeply regrets this incident,” the school said in a notice posted to its website.
The school initiated an independent forensic cybersecurity review last month, after being alerted that hackers were bragging about access to the personal information in an online forum. FLVS then alerted state and federal law-enforcement agencies. An investigation is still underway.
Founded in 1997, the Florida Virtual School is a public school district that serves about 6,000 full-time students. Hundreds of thousands of other students in public, private, charter, and home schools take FLVS’s online courses part-time.
The breaches were first brought to light by databreaches.net.
According to a spokesman for FLVS, the compromised student information was stored by an unspecified vendor on a server that was left open, without appropriate password protection. Included were student names, dates of birth, parents’ contact information, and school-account usernames and passwords.
Cybersecurity is a rising concern for school districts and educational vendors alike. A recent survey by the Consortium for School Networking and the Education Week Research Center, for example, found that school technology chiefs continue to underestimate a wide range of threats, from breaches to phishing to ransomware. As a result, schools have also been slow to take the necessary steps to prevent such attacks.
FLVS is offering those who may have been impacted by the breach a year of identity-protection and fraud-monitoring services. There is no evidence that any financial information was stolen, or that anyone’s personal information has yet been used fraudulently, the school said.