FL Virtual School Data Breach

We believe that everything is safe and sound once our children are given to our schools. We also might believe that our information or our children’s information is also safe once it is given away. School should be a safe zone and there should be many implications made in order to keep kids safe. With the recent school gun violence and other impacts made in Florida, no matter what precautions are taken, there is always someone out there who can see through it all.

An announcement went out to the state of Florida on Tuesday, April 3rd, concerning Florida Virtual Schools. More than 1,200 students are threatened by the data breach. The breach has also affected a small number of Leon County school teachers. Florida Virtual School has been helpful in getting children to continue their education through online means. Students have also been able to go farther than what is offered at their current school through the system. Many students are registered into the program with lots of information tied to them. Their private information was compromised by one individual who saw through the flaws in security.

Investigation

Via Florida Virtual School, they let the public know “last month…an unauthorized user gained access to their system that stored personal information sometime between May 6, 2016, and Feb. 12, 2018.” Law enforcement and the FBI were put onto the case in order to find out how and why. Could this possibly mean that people will easily be able to gain access to any school’s information? If there are other schools that use the same information storage as Florida Virtual School, that would be a possibility.

“Any students who potentially were taking Florida Virtual School classes at that time could possibly be involved [now],” says Sharon Michalik, Bay District Schools Director of Communications, “We have a link that parents can go to where they can see exactly who is and who isn’t impacted.”

The information gained could have been something as simple as banking information or medical history (which is something that someone would not want a stranger having). Someone could also get social security information or even photos of children from the school. Security and being able to keep sensitive documents secured should be a high priority at any school.

“Names, possibly addresses, phone numbers, if their user ID’s and passwords were stored on that computer, then they could have gotten user ID’s and passwords,” says Chip Shows, Bay District Schools Director of Information Services, “They try and find out what bank you use and see if you use the same user ID and password on your bank account.”

What Can Be Done?

Florida Virtual School will be offering credit monitoring for one year to those in affect. They do not believe that social security numbers were taken but there is always a chance that they were. With this in mind, hopefully Florida Virtual School will be able to tighten security and find out what exactly happened.

The investigation is still ongoing as of Thursday, April 5th. The information given from law enforcement and the FBI is that there is no reason to believe that this has been from fraud. With this in mind, was the attack from a hack or someone on the inside? It’s something to think about but something not to openly assume with the information given.

Prevention

With technology coming into more demand and physical files are not needed anymore, everything is becoming easier for hackers to get a hold of. What principals can do in order to audit their digital footprint is to have “locally-based, secure and specifically engineered with privacy” digital services. Third party services can honestly seem safe and less costly but there’s something to consider before using them.  Will a school know for certain if the information provided to cloud-based or off-site storage is safe? Keeping children and staff safe should be the first and main priority of any school.

Schools should address online security as soon as possible. They should also answer these questions when considering what options to go with for off-site or cloud-based information storage:

• Does the school have someone in management who is responsible for privacy and (if it becomes necessary) the handling of personal data breaches?
• Do all staff understand what personal information is? For instance, do they know that images of students are generally considered “personal information” under [US] privacy law?
• Does the school offer meaningful privacy training to all staff?
• Do external contracts entered by the school for the on boarding of new technologies contain relevant obligations in relation to the protection of personal information?

Going through this information will make sure that everyone is on the right page with security for the school. While all answers can’t be answered at the time, it’s important to know where to go with school privacy and information given.

Sources

http://www.mypanhandle.com/news/florida-virtual-school-data-breach-affected-1200-students/1098334333

http://www.mypanhandle.com/news/florida-virtual-school-data-breach-raises-concerns/1099114889

https://www.abcactionnews.com/news/state/florida-virtual-school-warns-students-parents-of-massive-data-breach

https://pixevety.com/how-schools-can-stop-data-breaches/

ABOUT THE AUTHOR