Since 2005, educational institutions across the United States have faced 3713 data breaches, compromising over 37.6 million records. A recent report by Comparitech highlights that 2023 was particularly challenging, with a record 954 breaches, a substantial increase from 139 in 2022 and 783 in 2021. This surge is largely attributed to vulnerabilities in the MOVEit file transfer software, which alone affected over 800 institutions. The number of compromised records in 2023 reached nearly 4.3 million, a significant rise compared to approximately 2.6 million in the previous two years.
The data revealed that colleges and universities were the most affected, accounting for 60% of the breaches, with 83% of the compromised records originating from post-secondary institutions. Key incidents included third-party breaches involving organizations like Blackbaud, Illuminate Education, and MOVEit, contributing to the high number of affected records. Among the largest breaches in 2023 was the University System of Georgia, which reported that the MOVEit exploit impacted 800,000 individuals. The increased cyber threats underscore the critical need for enhanced security measures within the education sector.
State-level data indicated that New York had the highest number of breaches, with 800 incidents, while California had the most records affected, exceeding 3.3 million. Texas led in K-12 student records breached, with over 1.7 million records compromised. Ransomware attacks were particularly prevalent in K-12 schools, with 149 out of 246 tracked incidents since 2018 targeting this sector. Despite this, post-secondary institutions experienced a higher volume of records impacted by such attacks, with 3.74 million records breached compared to 1.53 million in K-12 schools.
The Comparitech report also highlighted a potential positive trend in the first quarter of 2024, with only 16 breaches reported, affecting 58,400 records. However, the long-term outlook remains uncertain as cyber-attacks continue to evolve. The report emphasizes the ongoing vulnerability of educational institutions and the urgent need for robust cybersecurity strategies to protect sensitive data.
