Hackers Post Personal Info of Thousands of K-12 Students to 'Dark Web'

Sen. Blackburn calls on Education Dept to address wave of student data breaches

Sen. Marsha Blackburn (R., Tenn.) / Getty Images
September 20, 2021

Sen. Marsha Blackburn (R., Tenn.) is calling on the Department of Education to bolster student privacy protections after hackers released thousands of children's personal information online.

In a letter obtained by the Washington Free Beacon, Blackburn implored Education Secretary Miguel Cardona to address a recent wave of cyberattacks that put children as young as five at risk of identity theft. Hackers have breached more than 1,200 schools in 2021, publishing the data they obtained on "dark web" sites that cannot be accessed from a search in a browser and are often used by criminals. Blackburn called the hacks "extremely distressing."

The recent wave of hacks is one of several education issues facing the Biden administration. Following recommendations from the nation's largest teachers' unions, the administration has only hesitantly supported reopened schools. Under Cardona, the Education Department has prioritized critical race theory, student loan forgiveness, and Title IX reforms.

The Department of Education did not respond to a request for comment.

According to NBC News, multiple groups of hackers have published students' Social Security numbers, birthdays, and report cards. In many cases, the targeted schools were not aware of the breaches.

Hackers used personal information from a school breach in Toledo, Ohio, to take out credit cards with children's identities. Experts warn such hacks could ruin kids' credit scores years before they are old enough to realize. Hackers also accessed personal information, like whether students were homeless, qualified for at-school lunch, or were dyslexic.

Some experts believe remote learning has put children's data at risk. According to cybersecurity expert Maurice Turner, "remote learning has enabled schools to collect even more student information without the necessary safeguards to protect the sensitive data." Turner compared current standards to the old college practice of using Social Security numbers as student IDs. He suggested the Department of Education tie security standards to federal funding.

Schools are also prime targets for hostile foreign actors. China has repeatedly stolen data from American universities over the past several years, often tapping students to steal information for Beijing. In July, the Biden administration scrapped a Trump administration proposal to strengthen government oversight of the student visa system.

Lawmakers have recently called on the Biden administration to beef up federal cybersecurity protections. The Biden administration refused to sanction China for a hack on Microsoft email servers that compromised the data of millions of Americans.