Countries like the United Kingdom, the United States, Australia, and Canada have established cyber laws that require organizations affected by ransomware attacks to report these incidents within a specific time frame. These mandatory reporting windows typically range between 48 to 72 hours, depending on the countryโs regulatory framework. The aim is to ensure transparency, facilitate timely responses, and protect stakeholders from further harm.
However, a recent study by Comparitech reveals a troubling trend in the U.S. education sector. On average, educational institutions across America take approximately 4.8 months to publicly disclose data breaches resulting from ransomware attacks. In some extreme cases, schools have waited as long as six months before reporting the breach or notifying affected individuals about the compromise of their personal data.
Whatโs more alarming is that many of these incidents only come to light when stolen data appears for sale on the dark web. In other words, rather than being proactive, many institutions remain silent until external parties expose the breach.
A notable example of this occurred at the end of last year, when a significant ransomware attack targeted PowerSchool softwareโwidely used by school districts for managing student information. The attack affected over 100 school districts, as hackers managed to infiltrate and encrypt critical servers. Yet, details of the breach only surfaced publicly once the compromised data began circulating in underground cybercrime markets.
This pattern of delayed disclosure not only raises serious ethical and legal questions but also puts students, parents, and educators at heightened risk of identity theft, fraud, and other cyber-related harms.
Ad
Source link
#Ransomware #attacks #education #sector #unreported #months
