RALEIGH, N.C. (WNCN) — North Carolina’s colleges and K-12 schools have been hit by 45 data breaches over the past 15 years and may have exposed more than 800,000 records, a study found.
With schools shifting to online learning during the coronavirus pandemic, the study by Comparitech.com puts into perspective just how vulnerable educational institutions have been to data breaches over the years.
“There’s just millions of students getting put online these days thanks to quarantine, especially students who maybe never were,” Sam Cook, a former teacher who authored the study, told CBS 17 News. “So there’s all this potential data getting exposed.”
Cook examined data security at educational institutions from kindergarten through college starting in 2005 and found 1,327 breaches nationwide that may have affected 24.5 million records. Every state but Wyoming had at least one breach, the study found.
“We looked at just the public data breach reports that existed since 2005, and looked at it widely, what kind of institutions were being impacted, what kind of numbers we were seeing as far as a state-by-state look at it?” Cook said. “And we were kind of analyzing just what that impact looks like when you split it into K-12 and college and universities.”
In North Carolina, 33 of the breaches involved institutions of higher learning with the other 12 affecting either elementary, middle or high schools or their districts.
The largest such leak in the CBS 17 viewing area took place at the University of North Carolina a decade ago when a hacker broke into a server with personal information — including approximately 163,000 Social Security numbers — of roughly 236,000 women enrolled in a 14-year research study.
Another hacker used a phishing scam to break into an email account at N.C. State, affecting more than 38,000 records.
The most recent breaches in the state took place earlier this year when the Brunswick and Lincoln county school systems were the victims of a phishing email — but no records were compromised, the study found.
Officials at both UNC and N.C. State say they have beefed up their security procedures to prevent further data leaks, including two-factor authentication for logins and additional training.
“Information Security is among the most rapidly evolving and changing areas in the field of information technology, and UNC-Chapel Hill continually enhances our protections according to industry standards and best practices,” said Michael Barker, UNC’s vice chancellor for information technology and chief information officer. “We have recognized that approaches to breach prevention must be augmented by enhanced visibility, responsiveness and enforcement.”
State Attorney General Josh Stein says he will continue to push lawmakers for stronger data security laws after more than 1 million state residents overall were affected by 1,210 breaches in 2019.
“Now, during a pandemic in which many of us are staying at home and using technology to work remotely, talk to our doctors, and go to school, we’re at an even greater risk for data breaches that compromise our personal, financial, and health information,” Stein said in a statement. “We can and must do more to make North Carolina’s data security laws even stronger.”