Schools and colleges in the US have leaked 24.5 million records since 2005, according to new research by technology website Comparitech. K–12 school districts across the country have suffered 1327 breaches in the last 15 years – with last year’s count setting an all-time high.
According to a list of data breaches compiled by the site and with the help of tools from the National Center for Education Statistics (NCES), the most common cause of data breaches in K–12 schools is hacking, representing 45.9% of all incidents. It is also the biggest cause of breaches in colleges. Unintentional disclosure comes in second, with 21% in schools and 27.3% in colleges, followed by theft or loss of portable devices (11.1% in schools, and 14.7% in colleges). K–12 schools saw 60 breaches in total last year, although they lost the most records in 2018, spilling 991,340.
“There doesn’t appear to be any kind of trend in the breach numbers for K–12 schools or colleges, nor does there seem to be a pattern with college records affected,” said the report. “However, over the past few years, there has been a significant increase in the number of school records affected.”
Colleges saw by far the largest proportion of breaches, at 74%. Public institutions were also the hardest hit, accounting for 77.7% of the breaches at both school and college level.
The report noted that many of the breaches affected more than one institution. One good example was a data breach at Pearson Education, which affected schools across the US. This demonstrates that not all these breaches are down to mismanagement on the part of a school or college; sometimes, it’s a supply chain issue.
At the state level, California experienced the most data breaches across colleges and schools combined, accounting for 11.8%. It also lost the most records among all states. As the report pointed out, though, this is to be expected given that the state harbors a large percentage of the US population (around one in eight people).