Education Sector Security Intelligence
Tracking breaches, regulatory updates, and threats affecting schools, universities, and EdTech.
Latest Intelligence
View All →FERPA Annual Notification Deadline Approaching for 2026-27 Academic Year
Educational institutions should begin preparing their annual FERPA notification materials for the upcoming 2026-27 academic year. Under FERPA, schools must annually notify parents and eligible students of their rights regarding education records, including the right to inspect records, request amendments, and control disclosure of personally identifiable information. Institutions should review and update their notification language, directory information policies, and opt-out procedures before the start of the fall semester.
CISA Warns of Continued Ransomware Targeting K-12 School Districts
CISA continues to observe ransomware threat actors targeting K-12 school districts, particularly those with limited IT resources and outdated systems. School districts are urged to implement baseline cybersecurity measures including multi-factor authentication, regular patching, offline backups, and incident response planning. CISA's free cybersecurity services and tools are available to help districts improve their security posture.
FTC Signals Increased COPPA Enforcement Against EdTech Platforms
The Federal Trade Commission has signaled it will increase enforcement of COPPA violations by EdTech companies, particularly those collecting data from children under 13 without verifiable parental consent. With the modernized COPPA rule now in effect, EdTech platforms must ensure compliance with updated data minimization requirements, consent mechanisms, and data retention limits. Companies operating in the K-12 space should review their practices against the updated rule requirements.
Fort Scott Community College breach exposes SSNs and financial data
Fort Scott Community College (KS) reports November 2025 cybersecurity incident affecting 4,016 individuals. SSNs and financial account information compromised. Second community college breach disclosed in 2026 following Clackamas CC.
Portland Public Schools breach impacts 12,128 individuals
Portland Public Schools (ME) discloses February 2025 network intrusion affecting 12,128 students, staff, and community members. Nearly a year elapsed between the unauthorized access and confirmation of data exposure.
Trocaire College breach exposes SSNs and passport numbers for 23,436
Trocaire College (Buffalo, NY) discloses March 2025 breach affecting 23,436 individuals. SSNs, driver's licenses, and passport numbers among exposed data. Ten-month gap from intrusion to notification.
Clackamas Community College discloses breach affecting 33,381
Clackamas Community College (OR) reports two separate intrusions in September and October 2025 resulting in file exfiltration. 33,381 individuals affected. Attackers returned six weeks after initial account compromise was detected and reset.