Privacy & Security

7 Data Breaches That Left Schools in the Lurch

By Lauraine Langreo — August 17, 2023 3 min read
Conceptual photo of blue locks and red locks that are "unlocked" and each placed in a honeycomb grid.
  • Save to favorites
  • Print

Schools’ increasing reliance on digital technology, coupled with insufficient resources to defend their networks, has made them more vulnerable to cyberattacks.

There were 1,619 publicly disclosed cyberattacks on schools between 2016 and 2022, according to K12 Security Information Exchange, a nonprofit focused on helping them prevent such assaults. And 80 percent of school IT professionals in a recent survey reported that they had been hit by a ransomware attack in the past year. School IT professionals were more likely than their counterparts in other industries to report that they had experienced such attacks.

These attacks are costly, not just in terms of how much money districts shell out to regain control of their network and systems but also in terms of how much learning time students lose while systems are down.

See Also

Conceptual illustration of computer with a pixelated lock on screen.
Nanzeeba Ibnat/iStock/Getty Images Plus

Here is a roundup of some of the most recent publicly disclosed cyberattacks on schools:

Prince George’s County Public Schools, Md.

About 4,500 users were impacted by a cyberattack on the Prince George’s County public schools that was detected on Aug. 14, according to the school district. The district—the second-largest in Maryland—is working with cybersecurity experts, government officials, and law enforcement to determine the full extent of the attack. For now, it appears that the district’s main business and student-information systems were not affected. The district said it will contact those who are affected in the coming days and is requiring all users to reset their passwords.

New Haven Public Schools, Conn.

The New Haven school district in Connecticut lost more than $6 million after hackers appeared to have gained access to the email account of the district’s chief operating officer, according to the New Haven Register. The hackers monitored the email correspondence between the COO and vendors and eventually impersonated both in order to divert district payments to its school bus contractor and a law firm to fraudulent accounts. So far, $3.6 million has been recouped.

Minneapolis Public Schools

In March, thousands of files purportedly stolen from the Minnesota district were published on the internet days after a cyber gang announced the school system had missed its deadline to pay a $1 million ransom demand. The files included campus rape cases, child-abuse inquiries, student mental health crises, and suspension reports, The 74 reported. The ransomware attack began in February and affected many of the district’s systems—from the ability to log onto the internet from school buildings to badge access to building alarms.

MOVEit breach

MOVEit is a file-transfer platform used by thousands of governments, financial institutions, and other public- and private-sector organizations around the world. In May, the platform was hacked in a breach believed to have affected at least 161 U.S. schools, according to Brett Callow, a threat analyst for cybersecurity company Emsisoft. In the education sector, some of the MOVEit breach victims include Teachers Insurance and Annuity Association of America, Teachers Retirement System of Georgia, the New York City public schools, and the Minnesota education department.

Other breaches:

  • Cleveland City schools in Tennessee were targeted in a cyberattack on Aug. 15, but the district said less than 5 percent of staff devices were affected. The district said there’s no indication that student, faculty, or parent data have been compromised, according to local reporting.
  • St. Landry Parish schools in Louisiana were hacked in late July, but it’s unclear how much and what kinds of data the hackers accessed. An Aug. 2 press release from the district noted that its student- and employee-information systems were not part of the network compromised.
  • In June, the student-information and payroll systems of the Lebanon school district in New Hampshire were taken offline following a cyberattack. Students weren’t able to access their final grades until July, according to Valley News.

See Also

Image shows a glowing futuristic background with lock on digital integrated circuit.
iStock/Getty Images Plus
Privacy & Security Explainer School Cyberattacks, Explained
Alyson Klein, February 11, 2022
12 min read

Related Tags:

Events

This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Budget & Finance Webinar
Innovative Funding Models: A Deep Dive into Public-Private Partnerships
Discover how innovative funding models drive educational projects forward. Join us for insights into effective PPP implementation.
Content provided by Follett Learning
Budget & Finance Webinar Staffing Schools After ESSER: What School and District Leaders Need to Know
Join our newsroom for insights on investing in critical student support positions as pandemic funds expire.
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Student Achievement Webinar
How can districts build sustainable tutoring models before the money runs out?
District leaders, low on funds, must decide: broad support for all or deep interventions for few? Let's discuss maximizing tutoring resources.
Content provided by Varsity Tutors for Schools

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Sponsor
Privacy & Security Quiz
Quiz Yourself: How Much Do You Know About Cybersecurity For Schools And Districts?
Answer 6 questions about actionable cybersecurity solutions.
Content provided by FlexPoint Education Cloud
Privacy & Security What Schools Need to Know About These Federal Data-Privacy Bills
Congress is considering at least three data-privacy bills that could have big implications for schools.
5 min read
Photo illustration of a key on a digital background of zeros and ones.
E+
Privacy & Security A New Federal Taskforce Targets Cybersecurity in Schools
The “government coordinating council" aims to provide training, policies, and best practices.
3 min read
Illustration of computer and lock.
iStock / Getty Images Plus
Privacy & Security Q&A Why One Tech Leader Prioritizes Explaining Student Data Privacy to Teachers
Jun Kim, the director of technology for an Oklahoma school district, helped build a statewide database of vetted learning platforms.
3 min read
Jun Kim, Director of Technology for Moore Public Schools, poses for a portrait outside the Center for Technology on Dec. 13, 2023 in Moore, Okla.
Jun Kim, is the director of technology for the Moore school district in Moore, Okla., He has made securing student data a priority for the district and the state.
Brett Deering for Education Week