Ad Image

Florida Virtual School Discovers Breach of Student and Teacher Identities From Two Years Ago

Florida Virtual School data breach

Florida Virtual School data breach

Two years ago, Florida Virtual School suffered a data breach in which hackers stole the identity data of more than 350,000 students, parents, and teachers, both current and former. The company made the first announcement of the data breach Friday. Florida Virtual School is an accredited, public e-learning school serving grades K-12.  

IAM Solution Suggestion Engine

Members of the Florida Virtual School IT team discovered the data breach on February 12 of this year via a post on a  well-known hackers’ message board. Upon learning of the attack, the school hired a private cybersecurity investigation firm—unnamed at time of writing—to investigate the data breach.

According to reports, this firm discovered a security hole in a single unsecured server which they have since closed. They claim that while student parent, and teacher identity information such as names, birth dates, usernames, and passwords have been compromised, no financial information was stolen. Nearly 2,000 teachers had their Social Security numbers and phone numbers stolen in the breach as well. No malicious activity has yet been detected in connection to the stolen identity data.

The hackers responsible for the data breach have not been identified at time of writing. Florida Virtual School spokesperson James Fuller said in a statement: “Hopefully we can bring these criminals to justice.” The FBI and the Florida Department of Law Enforcement are also investigating.  

The incident highlights the dangers of inadequate identity data storage and access. Without the proper identity management solutions in place, it can be impossible to know if your enterprise’s identity information is secure or who is accessing that data. The Florida Virtual School breach also highlights the dangers of enterprise’s collection of consumer identity information, as has been seen in recent breaches of unsecured databases and servers. GDPR is designed in part to prevent these incidents of neglect or ignorance.  

Widget not in any sidebars

Share This

Related Posts