October 22, 2018

October 22, 2018

Subscribe to Latest Legal News and Analysis

Department of Education Posts CyberAdvisory on Extortion and Student Data Threats

Acknowledging that schools have “long been targets for cyber thieves,” the Federal Student Aid Office (FSA) of the U.S. Department of Education (ED) posted an alert on October 16, warning school districts and other educational institutions of criminal extortion schemes threatening to release sensitive student data. Recent, similar cyberattacks in Montana and Iowa are being investigated by the FBI.

ED cautions that school districts and postsecondary institutions with relatively weak security protocols may be targeted, and urges information technology staff at all schools to keep their organizations, and associated student data, safe by adopting protective measures. Specifically, FSA advises schools to:

  • Conduct security audits that detect existing weaknesses and patch system flaws;

  • Create – and routinely review – audit logs for suspicious activity;

  • Train staff and students on phishing, malicious software, and best practices in data security; and

  • Verify that outside access to sensitive data is properly limited.

ED suggests any organization attacked in this manner contact law enforcement, and requests that affected primary and secondary schools also contact the department at privacyTA@ed.gov. Postsecondary institutions participating in the Title IV federal student aid programs must notify ED of data breaches, pursuant to the Gramm-Leach-Bliley Act and their Title IV program participation agreements.

For additional resources to prevent, respond to, and recover from cyber attacks, FSA recommends reviewing the Privacy Technical Assistance Center website on student privacy, as well as FSA’s Cybersecurity Compliance resource page.

©2018 Drinker Biddle & Reath LLP. All Rights Reserved


About this Author

Sarah Pheasant, Education and Compliance Lawyer, Drinker Biddle

Sarah L. Pheasant advises clients on various aspects of education law and regulatory compliance, including issues pertaining to the Higher Education Act, Title IV federal student aid programs, state educational licensing laws and the accreditation of postsecondary institutions. She has helped to advise non-profit and for-profit educational institutions and private investors on complex transactions, including changes of ownership involving institutions of higher education.

Before joining Drinker Biddle, Sarah handled a diverse range of litigation,...

(202) 230-5675
Jonathan Tarnow, Education and Government affairs lawyer, Drinker Biddle

Jonathan D. Tarnow advises clients on a wide range of education law matters involving the U.S. Department of Education, accrediting bodies, state agencies and other government regulators. He has extensive experience advising public, non-profit and proprietary institutions of higher education on the statutory and regulatory requirements of federal student financial aid programs under Title IV of the Higher Education Act, and has represented institutions in Title IV compliance reviews and audits, including administrative hearings and appeals related to findings of non-compliance. Jonathan is a partner in the firm's Government and Regulatory Affairs Group and a member of the Education Team and the Privacy and Data Security Team.

He frequently represents private equity funds, private investors, publicly traded and privately held education companies, and financial institutions that serve postsecondary educational institutions on transactions in the education sector. This includes purchases and sales of institutions or their assets, conversions of private institutions from proprietary to non-profit status, credit facilities to support acquisitions or ongoing operations, and other complex transactions involving colleges and universities.

(202) 354-1357