Home - Article

Featured Article

May 13, 2024

New Wave of NYC Student Data Breaches Highlights Importance of Robust Cybersecurity

While we typically introduce articles on lighter notes (and with a bit of whimsy or other verbal flourishes), the nature of this story demands seriousness, readers; no ifs, ands or buts about it.

The protection of our personal data and privacy in this digital era – no matter one’s age, pedigree, field of work or study – is a sure-fire must.

Speaking of study, students the world over are dynamic future-shapers; they’re actively engaged in learning, entrepreneurism, impactful social engagement, you name it. Thus, safeguarding students’ private data stores is of great importance; from transcripts and financial aid plans to online course activity and even information regarding living spaces and meal plan purchases, data safety is a massive priority.

Admittedly, the utilization of this data has its positives; streamlining administrative processes, assessing overall student body learning experiences, and even identifying those who might require personalized academic support are all beneficial when it comes to utilizing student data.

However, as with corporate leaders and government officials, important data also becomes a bigger target at which malicious actors train their aim. Data breaches overseen by unauthorized invaders can have devastating consequences for both individual students and entire institutions; delicate information falling into the wrong hands can lead to financial fraud, identity theft, and other kinds of potentially irreparable reputational damage.

Not that we “want” to conjure up examples here, but just imagine struggling to secure a loan or a student apartment due to someone inappropriately using stolen information, or having one’s academic achievements called into question because of a compromised transcript. (Not to mention the significant mental-emotional toll, leaving students feeling increasingly vulnerable.) For the universities at large, repercussions can include hefty regulatory fines, students’ loved ones who may become hesitant to entrust their family’s data and funds to an institution with poor data security practices, or jeopardizing an all-out erosion of student-faculty relationships (at which the core of greater learning is built).

The long-story-short of this, y’all? Preventing data breaches is a shared responsibility. Students should be aware of the risks associated with sharing personal identifiable information (and they should exercise caution when using campus Wi-Fi and/or university-provided devices), and the institutions themselves must prioritize robust cybersecurity measures (including training) in order to maintain a secure learning environment.

Unfortunately, as stories like these too often go, we’re discussing this due to related news which broke last week:

According to The New York Post, more than 380,000 NYC students recently had their personal data hacked as part of a massive cyber attack, bringing the total number of those affected to over one million.

At the beginning of May, the New York City Department of Education (DOE) began sending letters to troublingly notify hundreds of thousands of current and former students that they were victims of a cyber attack involving one of the DOE’s former software vendors. The breach reportedly included students’ names, dates of birth, ethnicities, academic records and school enrollment. And though the school system has since cut ties with the DOE’s previous software company, the damage was still done.

In letters to those affected, the DOE – having insisted they’ve now “beefed up” cybersecurity protocols and are holding contractors accountable for the protection of students’ privacy – also said that “NYCPS remains committed to protecting our students. We have a comprehensive security compliance process in place to help ensure that companies who access student information dutifully agree to comply with federal, state, and local laws to help protect your data.”

But is this enough? What else can be done?

One thing is for sure – DOE spokeswoman Jenna Lyle worded it well when she spoke to The Post and said “The safety and well-being of all our students and staff, including the entirety of their data and its safety, is our absolute top priority. Our students and school communities deserve better.”

That, they do.

And in terms of what “better” can be achieved, there’s thankfully quite a lot; assessments, patch management, endpoint protection, awareness instruction; the list goes on. As it just so happens, my fellow writer and editor Greg Tavarez covers these quite a bit on this site, and over on MSP Today. After discussing the matter of this NYC student data breach with our team, Tavarez offered the following:

“Here’s something I say often in my articles concerning MSPs and cybersecurity: MSPs are a shield for organizations. In the case of this story, public schools are no exception. They have the tools at hand to safeguard sensitive student and staff data from cyber attacks and complex breaches, all while being compliant with regulations.”

Tavarez is right. MSPs and myriad other providers of modern security services should be adept at tasks like these (again, unlike the aforementioned entity with which the DOE has since parted). Finding the right teams with the right toolsets can prove challenging at times, but opting for shortcuts or would-be cost-cutting options, for instance, isn’t worth it when the exposing of personally identifiable information can leave young learners and those who guide them at risk. Shoring up their cyber defenses is key.

For additional rundowns of NYC data security incidents, feel free to read here.

Edited by Greg Tavarez

Apex Technology Services
Choose from comprehensive, affordable solutions for IT consulting, network services and computer help desk support in Fairfield county including Norwalk, Darien, Stamford, Greenwich, Ridgefield and Bridgeport. Also Westchester county including Rye, New Rochelle, White Plains, Yonkers and New York including Manhattan and the five boroughs.


Apex Technology Services is a cutting edge MSP offering quality IT support to financial, medical, legal, Fortune 500 and government agencies while adhering to the highest of quality...



Apex Technology Services has the cybersecurity expertise to help your business in a world filled with attackers looking to shut down your business hold it ransom or steal your valuable...



Apex Technology Services delivers a combination of traditional IT functions such as infrastructure as a service (IaaS), applications, software, security, monitoring, storage...


Ranked Top 10 Network security Solution Provider

One Stop Shop For All Your Technology Needs

Contact us Now!