K-12

Edtech poses privacy and safety risks for students, FBI warns

The law enforcement agency is encouraging parents and families to research cyberthreats and the laws governing student privacy rights.

By Jared Beinart

September 17, 2018

(Getty Images)

Hoping to protect the privacy and safety of K-12 students, the FBI has issued a public service announcement encouraging awareness of cyberthreats involving education technologies, or edtech.

The announcement warns parents, students and teachers of the potential exploitation of information stored on these technologies, which include personalized learning experiences, tracking academics, disciplinary issues, student information systems and classroom management programs.

To inform of the potential risk of cyberattacks, the FBI provided a list of sensitive data collected in schools that includes personally identifiable information such as biometric data, academic and classroom data, behavioral data, disciplinary and medical data. It also includes student web browsing history, geolocation data and IP addresses.

“The widespread collection of sensitive information by EdTech could present unique exploitation opportunities for criminals,” the FBI states in its announcement posted last week. “Malicious use of this sensitive data could result in social engineering, bullying, tracking, identity theft, or other means of targeting children.”

The warning comes after two large edtech companies, Schoolzilla and Edmodo, suffered breaches of users’ personal information last year. Schoolzilla’s April 2017 data breach exposed information of 1.3 million students. Edmodo’s breach, also in April, led to 77 million accounts being stolen and sold on the dark web.

“EdTech connected to networked devices or directly to the Internet could increase opportunities for cyber actors to access devices collecting data and monitoring children within educational or home environments,” the FBI said.

The FBI goes on to warn that school-issued laptops and tablets or monitoring devices, such as in-school surveillance cameras and microphones, especially those with remote-access capabilities, are vulnerable to intrusion.

The FBI concludes its notice by recommending that parents and families conduct research on existing student privacy rights, learn more about how these technologies are being used in their schools, and to organize coalitions that protect student privacy and data security.

The FBI’s list of recommendations:

Conduct research on the existing student and child privacy protects of the Family Educational Rights and Privacy Act (FERPA), the Protection of Pupil Rights Amendment (PPRA), the Children’s Online Privacy Protection Act (COPPA), and state laws as they apply to EdTech services.
Learn more about how EdTech technologies and services are being used in their schools
Research parent coalition and information-sharing organizations that are available online
Research school-related cyber breach incidents which can further the discussion of data vulnerabilities
Monitor credit or identity theft to check for any fraudulent use of their children’s identity
Monitor the spread of their children’s information on the internet by conducting regular Internet searches