University of Kentucky reports breach of digital education program

Officials said malicious actors may have targeted a program called "Digital Driver's License" that actually has nothing to do with government-issued IDs.
A University of Kentucky bus
(Raymond Boyd / Getty Images)

A breach at the University of Kentucky allowed unauthorized access to an online digital privacy and etiquette program called the “Digital Driver’s License,” a name that officials theorize may have put a target on the database.

The program, offered through an open-source tool created and maintained in Kentucky’s College of Education, teaches students how to navigate the internet and provides online assessments of that knowledge.

University officials said it’s possible malicious actors targeted the program believing it was related to government-issued identifications, which would contain significant amounts of personally identifiable information. Despite its name, the University of Kentucky’s Digital Driver’s License program is unrelated to motor-vehicle credentials. Still, the outside actors likely obtained a copy of a database containing the names and email addresses for 355,000 people involved in the online digital citizenship program, according to a news release Thursday.

“One of our theories is that these bad actors saw that name or saw that characterization and thought it was something else — private identifying information or financial information,” University of Kentucky spokesman Jay Blanton told EdScoop. “We don’t have any reason to believe that they were trying to access educational information.”


The university found the breach in a routine annual security check and took the database offline in June. The database, previously housed on a College of Education server, will now move under the university’s central IT department. Since the breach was identified, University of Kentucky leaders have notified school districts, higher education institutions and attorneys general in affected states of the problem and offered assistance, though Blanton said officials think there is a low risk of identity theft associated with the information in the database.

Along with names and email addresses, there could be some test scores from the program tied up in the breach, Blanton said. Kentucky’s College of Education maintains free lessons and assessment tools for schools and colleges for online learning. The Digital Driver’s License course is part of that program, but other resources within the program were not affected, according to the university.

8/9/21 Correction: A previous version of this story incorrectly indicated that emails, rather than email addresses, had been compromised.

Emily Bamforth

Written by Emily Bamforth

Reporter for StateScoop and EdScoop covering IT, decision-making and modernization. Before joining Scoop News Group, reported for six years for and the Cleveland Plain Dealer.

Latest Podcasts