An almost two-year data breach has hit more than 368,000 students involved in the Florida Virtual School (FLVS) program.
FLVS said in a
statement that the data exposure was likely active between 2 May 2016 and 12 February 2018 and that up to 2,000 teachers were impacted along with the students.
The leaked information includes student and parent names, dates of birth, email addresses, school account numbers and corresponding usernames and passwords – all of which could be used for identity theft as well as follow-on phishing and other social engineering attacks.
“For those affected by the data breach, it’s imperative that all accounts are regularly monitored for identity theft,” said Dean Ferrando, EMEA manager at cybersecurity firm
Tripwire, via email. “Changing passwords will also help, no matter what information was compromised. Victims are most vulnerable during the initial moments after the attack, and this is why we recommend they act with extreme caution when dealing with incoming emails and telephone calls regarding the breach.”
Fortunately, neither student nor parent Social Security numbers and financial account information were affected. Still, it should be a wake-up call for the school.
