RALEIGH, N.C. (WNCN) — The first year of the COVID-19 pandemic was the worst year so far for data breaches at colleges and K-12 schools across the country.

A study found North Carolina colleges and schools were hit with nine breaches during 2020 — the most in any calendar year since at least 2005, according to the most up-to-date database compiled by Comparitech.com.

“2020 was definitely the worst year on record for data breaches against schools,” Comparitech editor Paul Bischoff said.

The firm found 53 breaches in the state that potentially compromised nearly 917,000 records from 2005-21. 

Nearly 110,000 of those records may have been leaked in the eight breaches that took place since its last study in July 2020.

Six of those breaches involved K-12 schools or school systems, though the largest two affected colleges — hacks of nearly 70,000 records at Guilford Tech Community College in Greensboro and 29,000 records at Elizabeth City State.

Higher education accounts for about 95 percent of the leaked records in North Carolina, Bischoff said.

Nationally, the study found 28.6 million records may have been leaked in 1,851 breaches from 2005-21.

A total of 524 breaches leaking 4.1 million records turned up during the 18 months since the firm’s previous study in July 2020.

Schools became even more attractive targets when classes abruptly shifted online early in the pandemic, Bischoff said, saying it “became really unmanageable.”

“That creates more security holes for hackers to get in,” he said.

But why would schools be more attractive in the first place?

Bischoff says it’s because many of them look like easy targets.

“A lot of schools are running on older (information technology) systems (and) they may not have the best-paid and most talented workforces out there, or they may not be able to afford them,” he said. “They’re sort of weak targets from that perspective.”

He says ransomware has become an even more popular tool for hackers because victims so frequently give in to their demands.

“Hackers know they can get people to pay up,” he said. “People pay up all the time, and so that is a proven way for them to make money.”

So what’s the solution?

Bischoff says being aware and taking more care when online would help because part of the problem is that most breaches are the result of human error.

“We’re talking, like, someone clicks … a link in an email that they shouldn’t have, or someone downloads an attachment that they shouldn’t have, or clicks on a link in a message,” he said. “These are your teachers and your principals, people who are not trained IT staff, but they still have to interact through online systems at the school.

“So I think a big part of that is training and awareness training, how to spot phishing attempts, how to spot basic digital hygiene mistakes … things like implementing two-factor authentication for log-ins,” he added. “Basic stuff like that can really cut down on a lot of mistakes.”