Privacy & Security

7 Data Breaches That Left Schools in the Lurch

By Lauraine Langreo — August 17, 2023 3 min read
Conceptual photo of blue locks and red locks that are "unlocked" and each placed in a honeycomb grid.
  • Save to favorites
  • Print

Schools’ increasing reliance on digital technology, coupled with insufficient resources to defend their networks, has made them more vulnerable to cyberattacks.

There were 1,619 publicly disclosed cyberattacks on schools between 2016 and 2022, according to K12 Security Information Exchange, a nonprofit focused on helping them prevent such assaults. And 80 percent of school IT professionals in a recent survey reported that they had been hit by a ransomware attack in the past year. School IT professionals were more likely than their counterparts in other industries to report that they had experienced such attacks.

These attacks are costly, not just in terms of how much money districts shell out to regain control of their network and systems but also in terms of how much learning time students lose while systems are down.

See Also

Conceptual illustration of computer with a pixelated lock on screen.
Nanzeeba Ibnat/iStock/Getty Images Plus

Here is a roundup of some of the most recent publicly disclosed cyberattacks on schools:

Prince George’s County Public Schools, Md.

About 4,500 users were impacted by a cyberattack on the Prince George’s County public schools that was detected on Aug. 14, according to the school district. The district—the second-largest in Maryland—is working with cybersecurity experts, government officials, and law enforcement to determine the full extent of the attack. For now, it appears that the district’s main business and student-information systems were not affected. The district said it will contact those who are affected in the coming days and is requiring all users to reset their passwords.

New Haven Public Schools, Conn.

The New Haven school district in Connecticut lost more than $6 million after hackers appeared to have gained access to the email account of the district’s chief operating officer, according to the New Haven Register. The hackers monitored the email correspondence between the COO and vendors and eventually impersonated both in order to divert district payments to its school bus contractor and a law firm to fraudulent accounts. So far, $3.6 million has been recouped.

Minneapolis Public Schools

In March, thousands of files purportedly stolen from the Minnesota district were published on the internet days after a cyber gang announced the school system had missed its deadline to pay a $1 million ransom demand. The files included campus rape cases, child-abuse inquiries, student mental health crises, and suspension reports, The 74 reported. The ransomware attack began in February and affected many of the district’s systems—from the ability to log onto the internet from school buildings to badge access to building alarms.

MOVEit breach

MOVEit is a file-transfer platform used by thousands of governments, financial institutions, and other public- and private-sector organizations around the world. In May, the platform was hacked in a breach believed to have affected at least 161 U.S. schools, according to Brett Callow, a threat analyst for cybersecurity company Emsisoft. In the education sector, some of the MOVEit breach victims include Teachers Insurance and Annuity Association of America, Teachers Retirement System of Georgia, the New York City public schools, and the Minnesota education department.

Other breaches:

  • Cleveland City schools in Tennessee were targeted in a cyberattack on Aug. 15, but the district said less than 5 percent of staff devices were affected. The district said there’s no indication that student, faculty, or parent data have been compromised, according to local reporting.
  • St. Landry Parish schools in Louisiana were hacked in late July, but it’s unclear how much and what kinds of data the hackers accessed. An Aug. 2 press release from the district noted that its student- and employee-information systems were not part of the network compromised.
  • In June, the student-information and payroll systems of the Lebanon school district in New Hampshire were taken offline following a cyberattack. Students weren’t able to access their final grades until July, according to Valley News.

See Also

Image shows a glowing futuristic background with lock on digital integrated circuit.
iStock/Getty Images Plus
Privacy & Security Explainer School Cyberattacks, Explained
Alyson Klein, February 11, 2022
12 min read

Related Tags:

Events

This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Mathematics Webinar
How an Inquiry-Based Approach Transforms Math Learning
Transform math learning with an approach that empowers students to become active, engaged learners.
Content provided by MIND Education
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Student Achievement Webinar
Scaling Tutoring through Federal Work Study Partnerships
Want to scale tutoring without overwhelming teachers? Join us for a webinar on using Federal Work-Study (FWS) to connect college students with school-age children.
Content provided by Saga Education
School & District Management Webinar Crafting Outcomes-Based Contracts That Work for Everyone
Discover the power of outcomes-based contracts and how they can drive student achievement.

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

Privacy & Security Download A Tip Sheet to Help Teachers Prevent and Respond to Doxxing
Teachers can be a target for malicious actors. Use this tip sheet to prevent and respond to doxxing.
1 min read
Image of digital safety against doxxing and privacy invasion.
Laura Baker/Education Week via Canva
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Privacy & Security Quiz
Quiz Yourself: How Much Do You Know About Cybersecurity For Schools And Districts?
Answer 6 questions about actionable cybersecurity solutions.
Content provided by FlexPoint Education Cloud
Privacy & Security What Schools Need to Know About These Federal Data-Privacy Bills
Congress is considering at least three data-privacy bills that could have big implications for schools.
5 min read
Photo illustration of a key on a digital background of zeros and ones.
E+
Privacy & Security Civil Rights Groups Seek Federal Funding Ban on AI-Powered Surveillance Tools
In a letter to the U.S. Department of Education, the coalition argued these tools could violate students' civil rights.
4 min read
Illustration of human silhouette and facial recognition.
DigitalVision Vectors / Getty