On October 15, 2020, the U.S. Government Accountability Office (GAO) released an important new report to the public on the prevalence and impact of K-12 student data breaches (GAO-20-644 “Data Security: Recent K-12 Data Breaches Show That Students Are Vulnerable to Harm“). The data source for this independent analysis – conducted at the request of Representative Virginia Foxx – was cyber incident data provided by The K-12 Cybersecurity Resource Center, as represented on the K-12 Cyber Incident Map. Why?
“Experts and federal agency officials agree that [the K-12 Cybersecurity Resource Center (CRC)] is the most complete resource that tracks K-12 cybersecurity incidents, including student data breaches.”p. 2
The report found that:
- Thousands of K-12 students had their personal information compromised in data breaches between 2016 and 2020;
- Compromised data included grades, bullying reports, and Social Security numbers—leaving students vulnerable to emotional, physical, and financial harm;
- Breaches were accidental and intentional—with a variety of responsible actors and motives; and
- Wealthier, larger, and suburban school districts were more likely to have a reported breach.
While readers can expect further commentary on this site about the report, the primary purpose of this post is to highlight its availability, to encourage you to read it and to share it widely. The primary messages delivered by the report are on point and important for school leaders and policymakers to review. In addition to a PDF of the full report, the GAO also released a 1-page summary and podcast interview about the report.
GAO Watchdog Report: “The Harm of Data Breaches in Public K-12 Schools” (podcast)
Should you have any questions about the GAO’s analyses or the data collected by the K-12 Cybersecurity Resource Center, please don’t hesitate to ask via Twitter (@K12CyberMap) or directly via this site.