Privacy & Security

Florida Virtual School Reveals Huge Data Breaches

By Benjamin Herold — March 12, 2018 3 min read
  • Save to favorites
  • Print

UPDATED

The largest state-run virtual school in the country revealed two major data breaches last week, the latest in a string of cybersecurity incidents affecting the nation’s students and teachers.

The exact nature of the breaches, which also involved the 34,000-student Leon County, Fla. school system, remain the subject of dispute.

In one of the breaches, the personal information of more than 368,000 students who have taken courses at the Florida Virtual School was left unsecured online for almost two years, exposing them to potential identity theft, the school said.

According to FLVS, unauthorized individuals also obtained data being transferred between FLVS and Florida’s Leon County school district, allowing them to collect the Social Security numbers, addresses, phone numbers, spouses’ names, personal contact information, and emergency contacts of more than 1,800 Leon County teachers.

“FLVS takes it obligation to protect the privacy of personal information very seriously and deeply regrets this incident,” the school said in a notice posted to its website.

Leon County school officials, however, have taken exception with some details of FLVS’s characterization of events. In a press conference Monday, superintendent Rocky Hanna said that “hackers got all the data from a single server accidentally left open,” and that Florida Virtual School is “100 percent responsible for this theft.”

Hanna said that “over 50,000 individuals” connected to Leon County schools, including both students and teachers, may have been affected.

Investigations into the incidents are still underway. Both FLVS and Leon County initiated forensic cybersecurity reviews last month, after being alerted that hackers were bragging about access to the personal information in an online forum. The parties then alerted state and federal law-enforcement agencies.

Founded in 1997, the Florida Virtual School is a public school district that serves about 6,000 full-time students. Hundreds of thousands of other students in public, private, charter, and home schools take FLVS’s online courses part-time.

The breaches were first brought to light by databreaches.net.

“There are lessons to be learned here, but they won’t be learned if there’s any cover-up or attempt to spin what happened,” the site reported in an update posted late Monday.

According to a spokesman for FLVS, the compromised student information was stored on a server that was left open, without appropriate password protection. Included were student names, dates of birth, parents’ contact information, and school-account usernames and passwords.

Cybersecurity is a rising concern for school districts and educational vendors alike. A recent survey by the Consortium for School Networking and the Education Week Research Center, for example, found that school chief technology chiefs continue to underestimate a wide range of threats, from breaches to phishing to ransomware. As a result, schools have also been slow to take the necessary steps to prevent such attacks.

FLVS is offering those who may have been impacted by the breach a year of identity-protection and fraud-monitoring services. There is no evidence that any financial information was stolen, or that anyone’s personal information has yet been used fraudulently, the school said.

“Rather than engaging in a blame game, FLVS has focused on fixing the problem, providing protection to anyone who might have been impacted, and taking action to make sure this never happens again,” spokesman Ron Hutcheson said in a statement.

This post has been updated to reflect the dispute between Florida Virtual School and the Leon County school district, including quotes from representatives of both parties and futher reaction from databreaches.net.


See also:


for the latest news on ed-tech policies, practices, and trends.

A version of this news article first appeared in the Digital Education blog.


Commenting has been disabled on edweek.org effective Sept. 8. Please visit our FAQ section for more details. To get in touch with us visit our contact page, follow us on social media, or submit a Letter to the Editor.


Events

This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Teaching Webinar
6 Key Trends in Teaching and Learning
As we enter the third school year affected by the pandemic—and a return to the classroom for many—we come better prepared, but questions remain. How will the last year impact teaching and learning this school
Content provided by Instructure
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Student Well-Being Webinar
Attendance Awareness Month: The Research Behind Effective Interventions
More than a year has passed since American schools were abruptly closed to halt the spread of COVID-19. Many children have been out of regular school for most, or even all, of that time. Some
Content provided by AllHere
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
School & District Management Webinar
Ensuring Continuity of Learning: How to Prepare for the Next Disruption
Across the country, K-12 schools and districts are, again, considering how to ensure effective continuity of learning in the face of emerging COVID variants, politicized debates, and more. Learn from Alexandria City Public Schools superintendent
Content provided by Class

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

Privacy & Security Spotlight Spotlight on Lessons Learned: Digital Safety
In this Spotlight, review ways you should be approaching student and system data, discover how others teach digital safety, and more.
Privacy & Security Quiz Quiz: How Much Do You Know About Protecting Students During Remote Learning?
Quiz Yourself: What should you know about storing video content involving students?
Privacy & Security Spotlight Spotlight: Online Student Safety
In this Spotlight, assess possible digital vulnerabilities, learn how students may be partaking in digital self-harm, and more.
Privacy & Security Hackers Post 26,000 Broward School Files Online After District Doesn't Pay Ransom
Hackers who demanded up to $40 million from the Broward School District have now published nearly 26,000 files stolen from district servers.
Scott Travis, South Florida Sun-Sentinel
3 min read
Image shows a glowing futuristic background with lock on digital integrated circuit.
iStock/Getty Images Plus