study at home

Facing Coronavirus Growing Pains, California School Districts Confront Cybersecurity Breaches

In Berkeley, administrators are addressing an explicit “Zoombombing” incident as Oakland acknowledges a public leak of Google Classroom sites and Zoom meeting passwords.

School districts in Oakland and Berkeley have struggled with cybersecurity incidents in the past month, demonstrating the massive learning curve that administrators have been on to meet demands for remote learning during the COVID-19 pandemic.

With schools closed due to coronavirus concerns, many classes have been meeting via teleconference software like Zoom or sharing class materials through platforms like Google Classroom.

Oakland schools discovered a student privacy breach after administrators accidentally made hundreds of access codes and passwords used by teachers for online classroom meetings and video conferences public, The San Francisco Chronicle reported. With online trolls using social media and messaging tools to coordinate harassment campaigns in virtual classrooms, the breach could lead to disruption of classes with obscene language and images.

The Chronicle informed the district that their documents, featuring Google Classroom sites set up by teachers across the districts and access information to Zoom meeting rooms for teachers and students, were easily available online. The codes allowed anyone with a Gmail account to join the Google Classroom site and see students’ full names and comments posted on the site, according to the Chronicle.

Read More: New York City Bans Schools From Using Zoom Following Harassment Campaigns Targeting Classrooms

Oakland administrators removed the documents on April 8 and worked to lock down the classroom sites to not be available to users who are not students or staff. District spokesman John Sasaki said that the district was not aware of any breaches in its online platforms as a result of the information leaking online.

“This is all part of this new reality that we’re all experiencing now,” Sasaki said, according to EdSource. “We’ve made it very clear that anything that faces the public should have just the bare minimum of information. When it comes to codes and passwords, those should be sent via email, text message, or in a Google doc shared just with the class.”

A Berkeley high school class was victim to “Zoombombing,” the practice of internet trolls gaining access to classrooms or meetings and disrupting them with obscene images or language.

In the case of the Berkeley teacher, a man gained access to a Zoom meeting with students despite the teacher following proper security measures, such as setting a password and not sharing the link publicly. But the disruptor still managed to get in, exposing himself and shouting obscenities before the teacher was able to kick him out of the virtual classroom, the Chronicle reported.

Berkeley Superintendent Brent Stephens said it is likely that a student cut and pasted the access information to the meeting online, allowing a would-be predator to find it. The intruder also used a pseudonym that matched a student’s first name, reflecting the sophistication of predators coordinating virtual attacks on classrooms.

“We’re all kind of learning about the world that we’re in,” Stephens said, adding: “We’re being asked to sustain student learning while they’re at home and using technology to do it and just stumbling through these issues.”

Police are investigating the incident, which was disclosed to parents last Wednesday. The district has suspended holding virtual classrooms until it can figure out a solution with Zoom, which has vowed to take more action to protect users from intruders. Stephens hopes to restore teleconferencing this week with additional security practices, he told the Chronicle.

“It’s just heartbreaking hearing stories from parents that their kids aren’t getting out of bed until 11 in the morning and are displaying symptoms of depression,” Stephens said. “And [Zoom] was alleviating some of that.”

About the Author

Haley Samsel is an Associate Content Editor for the Infrastructure Solutions Group at 1105 Media.


  • Expanding Mobile Access Credentials

    The new academic year is now kicking into high gear at colleges and universities, and on many campuses, students were welcomed this fall with the added convenience and security of mobile access credentials. It is a trend that has become more of an expectation than a surprise in the world of higher education as the demand for advancements in electronic access control (EAC) like mobile credentials continues to grow. Read Now

  • New York School District Selects AtlasIED’s IPX Technology for Modernization Initiative

    The North Syracuse Central School District (NSCSD), a K-12 public school district in Central New York state, serves the communities of North Syracuse, Clay, Cicero, Bridgeport, and Mattydale. With 11 elementary, middle, and high schools, the district covers almost 90 square miles and has 7,792 students and approximately 700 teachers. With some of its school buildings over 60 years old, the district needed to renovate many of them, some more urgently than others. As part of the process, district administrators and staff reevaluated all infrastructure elements and their approach to campus safety, selecting AtlasIED IPX technology to modernize their intercom, audio announcements, and emergency communications systems. Read Now

  • New York Lifts Ban on Biometric Technologies in K-12 Schools

    New York Lifts Ban on Biometric Technologies in K-12 Schools

    On Sept. 27, 2023, New York State Department of Education Commissioner Betty A. Rosa issued a determination that lifted the nearly three-year ban on use of biometric technologies in both public and private K-12 schools in effect from December 2020 Read Now