NYC Students are Again Victims of Data Breach

Co-founder Shannon Edwards is a tech industry expert and a member of the The New York State Education Department (NYSED) Student Data Privacy Advisory Committee (DPAC) — Any feedback, questions, advice contact us here.


Parents with children in the nation’s largest public school system are again on the receiving end of a significant data breach. In this case, about 45,000 students have had their information compromised via file transfer software MOVEit. Many affected won’t know for weeks or months if they were involved and this comes just a year on from the Illuminate Education hack affecting 820,000 students and two years from the Google Drive leak that affected 3,000 kids.

MOVEit Breach

According to reports, the compromised data includes social security numbers, birth dates and some student evaluations. With this breach, employees’ information was also affected (but no specifics as of yet).

Unfortunately, MOVEit has been breached far beyond our public school system and is alleged to have been committed by CL0P — a Russian-speaking cybercrime gang.

The involvement of law enforcement and the nature of the hackers will hopefully finally serve as a wake-up call to the Department of Education and families of the dire risks posed from such breaches.

Why Worry?

Kids info is much more valuable to thieves. Hackers actively seek out children's identity information because it's usually ‘clean.’ This means it is much easier to create new identities, apply for credit, or commit fraud with children’s data. It also can go undetected for much longer and saddle kids with issues into their adult years.

Kids data can also be used to bully, groom or target children with ease; particularly those who are most vulnerable. Unfortunately new, powerful AI can also accelerate the ability to parse through significantly more information and 'triangulate' — building profiles of kids and families with ease.

Parents information is also at risk when a child’s data is breached. Even what may seem ‘small’ in terms of the type of data or scope could easily be linked to parents in a way that serves to 'infect' everyone associated with the child.

The more data a hacker has the more it can connect it and move on to the next piece like a puzzle. So it's absolutely not just affecting the child in isolation but a building block to further hacking of families.

What to Do: Immediately Following a Breach

First and foremost, find out what data has been compromised as soon as you are notified of a breach. The school should provide this information; and if not ask (and don’t give up). This could be anything from names and addresses to social security numbers. It matters because the type of data will inform how you proceed. And those steps should include:

How to be Proactive

Of course it’s even better to prepare yourself before news of a breach affects you and your family. While we would like to believe that schools and other organizations are taking mitigating steps to protect data, it’s happening with enough regularity that parents really need to get smart and do the work to prevent any negative effects of a hack. A few ideas:

  • Educate Your Children About Their Data. If you haven’t started talking about online data safety, now is the time. Children should know not to share sensitive information online, avoid too much identifying details (even if not sensitive in nature) and understand the importance of strong, unique passwords for each account.

  • Familiarize Everyone With Privacy Settings. Most online services, including educational apps, offer privacy settings. Companies do know how critical data protection is and increasingly offer tips and controls that can make a big difference. Review these settings and make adjustments to protect your child's data.

  • Monitor Kids Online Activity. Make understanding and keeping an eye on kids online activity something that is positive and that you do together. You can give them privacy and autonomy while at the same time knowing the platforms they are using and what information is being shared. Helping kids understand that collaboratively protecting their information should give them confidence online rather than feeling as if parents are prying. Have kids teach you too — they often know even more than parents about where vulnerabilities lie.

  • Ask Schools about Data Security. Don’t be shy to speak up. Collectively parents need to help schools understand that data protection is a priority. So consider asking for a list of past hacks and what was done about them.

  • Use Secure Wi-Fi. Practice what you preach at home. Make sure that your home Wi-Fi network is secure. If your child uses public Wi-Fi, ensure they know not to perform sensitive transactions or access sensitive data on these networks.

  • Use Identity Theft Protection Services Proactively. Consider subscribing to an identity theft protection service before a breach happens. These services monitor a variety of data and alert you to potential signs of identity theft.

Data breaches are sadly unlikely to stop, but there is a lot families can do to protect themselves and, at the same time, force more accountability to organizations that are storing our kids data.

Further reading:

https://www.unicef.org/globalinsight/media/1741/file/UNICEF%20Global%20Insight%20Data%20Governance%20Manifesto.pdf

https://consumer.ftc.gov/articles/how-protect-your-child-identity-theft

https://consumer.ftc.gov/identity-theft-and-online-security/protecting-kids-online

https://studentprivacymatters.org/ [note: co-founder Leonie Haimson is one of the most vocal proponents of holding New York officials accountable for our children’s data privacy. See more on the Parent Coalition for Student Privacy website]

Previous
Previous

New Laws Rightly Target Landlords in Illegal Smoke Shop Fight

Next
Next

Important to Check the Fine Print on Education Legislation