Top 10 states for data breaches warn of constant cyber threat to higher ed

Nearly 2,700 education cyberattacks have compromised 32 million education records over the last two decades.

If your college or university is in Wyoming, you might be safe—or at least a little safer—from education data breaches. Some 32 million records have been compromised in nearly 2,700 education data breaches over the last two decades. About half of those attacks hit higher education, yet colleges and universities account for more than 80% of records hacked.

Wyoming is the only state not to report a campus data breach. However, many states only passed laws requiring the reporting of cyberattacks within the last few years, Comparitech points out. Here are the top 10 states for higher ed data breaches, with the number of the breaches and records affected:

  1. California: 160 breaches/2.3 million records affected
  2. New York: 82/758,000
  3. Massachusetts: 65/1.8 million
  4. Ohio: 57/1.8 million
  5. Pennsylvania: 57/283,000
  6. Florida: 53/1.3 million
  7. Illinois: 47/535,900
  8. Texas: 47/676,400
  9. Indiana: 46/548,900
  10. Virginia: 46/689,400

So far in 2023, there have been 11 separate educational data breaches, including six ransomware attacks, reported as of mid-March, a slight decline after a surge in incidents at the end of 2022. Comparitech points out that some breaches are not reported until weeks or months after they occur.

More from UB: Cybersecurity programs are set to launch across higher ed this fall

Two of the most common types of cyberattacks now involve ransomware that holds campus networks hostage and third-party data breaches, when a vendor or other partner’s networks are infiltrated. One of the biggest cyberattacks occurred in 2021 when a data breach at Illuminate Education affected more than 600 educational institutions, mostly in K12.

The 2020 Blackbaud ransomware attack also had a wide-ranging impact on educational institutions, Comparitech found.

A few of the biggest data breaches

Here’s Comparitech’s list of a few of the biggest attacks that have occurred over the past few years:

  • 2013—Maricopa County Community College District (Arizona): 2.49 million records affected. A number of databases were breached and the records of nearly 2.5 million students, graduates, and staff were released on the internet. More controversy ensued over the length of time it took officials to notify the individuals impacted.
  • 2017—Harvard Computer Society: 1.4 million records affected. Over 1.4 million emails containing the personal information of members of the Harvard Computer Society were made publicly available for a period of time.
  • 2019—Georgia Tech University: 1.27 million records affected. A central database was hacked, potentially exposing the records of nearly 1.27 million students, faculty, and staff members.
  • 2017—Washington State University: 1.12 million records affected. Thieves stole a safe from a storage locker that contained a computer hard drive backup with over a million personal records, including Social Security numbers.
Matt Zalaznick
Matt Zalaznick
Matt Zalaznick is a life-long journalist. Prior to writing for District Administration he worked in daily news all over the country, from the NYC suburbs to the Rocky Mountains, Silicon Valley and the U.S. Virgin Islands. He's also in a band.

Most Popular