January 20, 2018

January 19, 2018

Subscribe to Latest Legal News and Analysis

January 18, 2018

Subscribe to Latest Legal News and Analysis

January 17, 2018

Subscribe to Latest Legal News and Analysis

Department of Education Posts CyberAdvisory on Extortion and Student Data Threats

Acknowledging that schools have “long been targets for cyber thieves,” the Federal Student Aid Office (FSA) of the U.S. Department of Education (ED) posted an alert on October 16, warning school districts and other educational institutions of criminal extortion schemes threatening to release sensitive student data. Recent, similar cyberattacks in Montana and Iowa are being investigated by the FBI.

ED cautions that school districts and postsecondary institutions with relatively weak security protocols may be targeted, and urges information technology staff at all schools to keep their organizations, and associated student data, safe by adopting protective measures. Specifically, FSA advises schools to:

  • Conduct security audits that detect existing weaknesses and patch system flaws;

  • Create – and routinely review – audit logs for suspicious activity;

  • Train staff and students on phishing, malicious software, and best practices in data security; and

  • Verify that outside access to sensitive data is properly limited.

ED suggests any organization attacked in this manner contact law enforcement, and requests that affected primary and secondary schools also contact the department at privacyTA@ed.gov. Postsecondary institutions participating in the Title IV federal student aid programs must notify ED of data breaches, pursuant to the Gramm-Leach-Bliley Act and their Title IV program participation agreements.

For additional resources to prevent, respond to, and recover from cyber attacks, FSA recommends reviewing the Privacy Technical Assistance Center website on student privacy, as well as FSA’s Cybersecurity Compliance resource page.

©2018 Drinker Biddle & Reath LLP. All Rights Reserved


About this Author

Sarah Pheasant, Education Law, Compliance, Drinker Biddle Law Firm

Sarah L. Pheasant advises clients on various aspects of education law and regulatory compliance, including issues pertaining to the Higher Education Act, Title IV federal student aid programs, state educational licensing laws and the accreditation of postsecondary institutions. She has helped to advise non-profit and for-profit educational institutions and private investors on complex transactions, including changes of ownership involving institutions of higher education.

(202) 230-5675
Jonathan Tarnow, Drinker Biddle Law Firm, Government Affairs Attorney

Jonathan Tarnow is a partner on the Education Law team in the firm's Government & Regulatory Affairs Practice Group. He advises educational institutions, publicly-traded and privately-held education companies, private investors and third party vendors on numerous laws and regulations governing the postsecondary education industry, specifically as related to participation in the federal student financial assistance programs, accreditation, state educational licensing, student records privacy and related matters.

Jonathan has served on the Board of Trustees of The George Washington University, where he was particularly active on the Student Affairs and Information Technology Committees.

(202) 354-1357