A K12 Inc. company database that included information for 19,000 students was available for anyone with an internet connection to see for at least a week, according to a report from Comparitech, which describes itself as a pro-consumer organization that offers security services.
It’s not clear that anyone with ill intentions accessed the information during the data exposure, which lasted from June 23 until July 1.
The data came from the for-profit virtual education provider’s A+nyWhere Learning System, a software package used by more than 500 school districts, according to K-12 Inc. Students’ names, genders, birthdates, school names, and more were visible. In all, there were over 7 million records available.
So is this potential data breach as a big a deal as, say, an intentional hacking of student social security numbers? Not really, says the Comparitech report. But parents and students who may have been affected still need to exercise caution.
Students may be vulnerable to phishing attempts (where a bad actor sends an email trying to get personal information) and other forms of fraud. And they warned of potential increases in spam, since email addresses were made public.
K-12 is working to “proactively” notify families who may have been affected, a spokesman said. “Student privacy is vitally important to us at K12. Our security team promptly addressed the issue, and the data is now secure, with technical and process improvements to our software hosting migration to help prevent this situation from occurring again,” K-12 said in a statement. “We are also going above and beyond what is legally required, and proactively contacting all partner districts with connections to these students.
The company underscored that the information didn’t include health or social security data. “We have no reason to believe anyone, other than the researchers who brought this to our attention, improperly accessed this information,” he said.
K-12 Inc. has long been a flash-point in the debate over the role of for-profit companies in education. The company and its supporters contend that it fills a key, often unmet need by providing flexible and customized online services to students who struggle or otherwise aren’t comfortable in brick-and-mortar schools.
K12’s detractors note its students’ lackluster showing on state tests, and point to complaints about its business practices as reasons to be skeptical of the company and its role.
A version of this news article first appeared in the Digital Education blog.