Security & Privacy


K–12 IT Pros See Careless Insiders and Foreign Governments as Top Security Threats

A new survey of public sector IT professionals finds that the biggest data security threats come from a wide range of sources, from simple carelessness to intentional hacking from foreign governments.

Why Educational Institutions are Prone to Ransomware Attacks (and What They Can Do to Protect Themselves)

Ransomware is the most significant cyber threat in the education sector, and K–12 schools and colleges and universities are both targets.

text reads Ransomware Vulnerability Warning Pilot next to CISA logo

CISA Offers Ransomware Vulnerability Warning Notifications to Help Avoid Cyber Incidents

The federal Cybersecurity and Infrastructure Security Agency is encouraging public sector and critical infrastructure organizations to enroll in its new Ransomware Vulnerability Warning Pilot program to receive notifications anytime a new relevant vulnerability being exploited by threat actors is identified.

Image shows scales of justice, Aeries SIS logo and Illuminate Education logo

Aeries Settles Data Breach Lawsuit for $1.75M; Illuminate Suit is Dismissed – For Now

Two ed tech providers that suffered data breaches that compromised private student information have seen civil lawsuits reach vastly different results — yet both should serve as a stark warning for ed tech companies collecting student data, a data privacy attorney told THE Journal.

Raptor Technologies Acquires SchoolPass, Will Integrate Its Attendance and Dismissal Automation Features

School safety software provider Raptor Technologies has acquired SchoolPass and will integrate the latter’s cloud-based attendance automation and dismissal automation into the Raptor Tech platform, according to a news release.

Photo representing ransomware with THE Journal logo

ClassLink's New DataGuard Tool 'Masks' PII in Roster Data Shared with Vendors

Identity and access management provider ClassLink has launched a new tool called DataGuard designed to reduce the amount of sensitive private data shared by schools with ed tech vendors, according to a news release.

Follow THEjournal.com for news about data breaches impacting K-12 schools and students across the United States

Federal Legislation Would Create K-12 Cybersecurity Improvement Program, Incident Registry

A new bill filed in both houses of Congress Wednesday by U.S. Rep. Doris Matsui (D-CA), Rep. Zach Nunn (R-IA), Sen. Marsha Blackburn (R-TN), and Sen. Mark Warner (D-VA) would direct CISA to create a cybersecurity information exchange for K–12 schools, a voluntary incident registry, and a “Cybersecurity Technology Improvement Program” funded at $10 million per year for the next two years.

graphic shows student data, teacher data, and staff data all feeding into "School Passport" and coming out anonymized

School Passport 2.0 Puts Schools In Control of Data, 'Seamlessly Anonymizes' PII Shared with Ed Tech

Global Grid for Learning has unveiled its newest school data exchange solution designed to give schools better data analytics and control over data privacy while eliminating the need for vendors using the standards to access and share students’ protected private information, by using patented anonymization and API technology.

line graph shows K-12 education saw a massive increase in ransomware attacks in 2022 over 2021

Ransomware Targeting K-12 Grew a Massive 827% Last Year, SonicWall Reports

Ransomware attacks targeting K–12 schools worldwide last year grew at an “absolutely massive” rate of 827% over 2021, according to SonicWall’s 2023 Cyber Threat Report, and the data shows that education customers — those whose data is compromised during ransomware attacks — had the highest percentage reporting ransomware attempts of all sectors studied.

Photo representing ransomware with THE Journal logo

CISA Alerts on Seven New Known Exploited Vulnerabilities

In the past week, CISA has published alerts on seven known exploited vulnerabilities — two of which put a long list of Apple devices at risk — ordering federal agencies to remediate the identified vulnerabilities immediately and encouraging all organizations to do the same.