On October 15, 2020, the U.S. Government Accountability Office (GAO) released an important new report to the public on the prevalence and impact of K-12 student data breaches (GAO-20-644 “Data Security: Recent K-12 Data Breaches Show That Students Are Vulnerable to Harm“). The data source for this independent analysis – conducted at the request of Representative Virginia Foxx – was cyber incident data provided by The K-12 Cybersecurity Resource Center, as represented on the K-12 Cyber Incident Map. Why?

“Experts and federal agency officials agree that [the K-12 Cybersecurity Resource Center (CRC)] is the most complete resource that tracks K-12 cybersecurity incidents, including student data breaches.”

p. 2

The report found that:

  • Thousands of K-12 students had their personal information compromised in data breaches between 2016 and 2020;
  • Compromised data included grades, bullying reports, and Social Security numbers—leaving students vulnerable to emotional, physical, and financial harm;
  • Breaches were accidental and intentional—with a variety of responsible actors and motives; and
  • Wealthier, larger, and suburban school districts were more likely to have a reported breach.

While readers can expect further commentary on this site about the report, the primary purpose of this post is to highlight its availability, to encourage you to read it and to share it widely. The primary messages delivered by the report are on point and important for school leaders and policymakers to review. In addition to a PDF of the full report, the GAO also released a 1-page summary and podcast interview about the report.

No Title

No Description


GAO Watchdog Report: “The Harm of Data Breaches in Public K-12 Schools” (podcast)

Schools collect and store a range of information about students, including data on their grades and test scores, addresses and phone numbers, Social Security numbers, and even medical information. Disclosing this information could be harmful to students physically, emotionally, and impact their long-term financial health. We talk with GAO’s Jackie Nowicki–an expert on K-12 education and school safety, and a director in our Education, Workforce, and Income Security Team–about a new GAO report on data breaches in public schools.

Should you have any questions about the GAO’s analyses or the data collected by the K-12 Cybersecurity Resource Center, please don’t hesitate to ask via Twitter (@K12CyberMap) or directly via this site.