Privacy & Security

7 Data Breaches That Left Schools in the Lurch

By Lauraine Langreo — August 17, 2023 3 min read
Conceptual photo of blue locks and red locks that are "unlocked" and each placed in a honeycomb grid.
  • Save to favorites
  • Print

Schools’ increasing reliance on digital technology, coupled with insufficient resources to defend their networks, has made them more vulnerable to cyberattacks.

There were 1,619 publicly disclosed cyberattacks on schools between 2016 and 2022, according to K12 Security Information Exchange, a nonprofit focused on helping them prevent such assaults. And 80 percent of school IT professionals in a recent survey reported that they had been hit by a ransomware attack in the past year. School IT professionals were more likely than their counterparts in other industries to report that they had experienced such attacks.

These attacks are costly, not just in terms of how much money districts shell out to regain control of their network and systems but also in terms of how much learning time students lose while systems are down.

See Also

Conceptual illustration of computer with a pixelated lock on screen.
Nanzeeba Ibnat/iStock/Getty Images Plus

Here is a roundup of some of the most recent publicly disclosed cyberattacks on schools:

Prince George’s County Public Schools, Md.

About 4,500 users were impacted by a cyberattack on the Prince George’s County public schools that was detected on Aug. 14, according to the school district. The district—the second-largest in Maryland—is working with cybersecurity experts, government officials, and law enforcement to determine the full extent of the attack. For now, it appears that the district’s main business and student-information systems were not affected. The district said it will contact those who are affected in the coming days and is requiring all users to reset their passwords.

New Haven Public Schools, Conn.

The New Haven school district in Connecticut lost more than $6 million after hackers appeared to have gained access to the email account of the district’s chief operating officer, according to the New Haven Register. The hackers monitored the email correspondence between the COO and vendors and eventually impersonated both in order to divert district payments to its school bus contractor and a law firm to fraudulent accounts. So far, $3.6 million has been recouped.

Minneapolis Public Schools

In March, thousands of files purportedly stolen from the Minnesota district were published on the internet days after a cyber gang announced the school system had missed its deadline to pay a $1 million ransom demand. The files included campus rape cases, child-abuse inquiries, student mental health crises, and suspension reports, The 74 reported. The ransomware attack began in February and affected many of the district’s systems—from the ability to log onto the internet from school buildings to badge access to building alarms.

MOVEit breach

MOVEit is a file-transfer platform used by thousands of governments, financial institutions, and other public- and private-sector organizations around the world. In May, the platform was hacked in a breach believed to have affected at least 161 U.S. schools, according to Brett Callow, a threat analyst for cybersecurity company Emsisoft. In the education sector, some of the MOVEit breach victims include Teachers Insurance and Annuity Association of America, Teachers Retirement System of Georgia, the New York City public schools, and the Minnesota education department.

Other breaches:

  • Cleveland City schools in Tennessee were targeted in a cyberattack on Aug. 15, but the district said less than 5 percent of staff devices were affected. The district said there’s no indication that student, faculty, or parent data have been compromised, according to local reporting.
  • St. Landry Parish schools in Louisiana were hacked in late July, but it’s unclear how much and what kinds of data the hackers accessed. An Aug. 2 press release from the district noted that its student- and employee-information systems were not part of the network compromised.
  • In June, the student-information and payroll systems of the Lebanon school district in New Hampshire were taken offline following a cyberattack. Students weren’t able to access their final grades until July, according to Valley News.

See Also

Image shows a glowing futuristic background with lock on digital integrated circuit.
iStock/Getty Images Plus
Privacy & Security Explainer School Cyberattacks, Explained
Alyson Klein, February 11, 2022
12 min read

Related Tags:


This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Mathematics Webinar
Pave the Path to Excellence in Math
Empower your students' math journey with Sue O'Connell, author of “Math in Practice” and “Navigating Numeracy.”
Content provided by hand2mind
This content is provided by our sponsor. It is not written by and does not necessarily reflect the views of Education Week's editorial staff.
Recruitment & Retention Webinar
Combatting Teacher Shortages: Strategies for Classroom Balance and Learning Success
Learn from leaders in education as they share insights and strategies to support teachers and students.
Content provided by DreamBox Learning
Classroom Technology K-12 Essentials Forum Reading Instruction and AI: New Strategies for the Big Education Challenges of Our Time
Join the conversation as experts in the field explore these instructional pain points and offer game-changing guidance for K-12 leaders and educators.

EdWeek Top School Jobs

Teacher Jobs
Search over ten thousand teaching jobs nationwide — elementary, middle, high school and more.
View Jobs
Principal Jobs
Find hundreds of jobs for principals, assistant principals, and other school leadership roles.
View Jobs
Administrator Jobs
Over a thousand district-level jobs: superintendents, directors, more.
View Jobs
Support Staff Jobs
Search thousands of jobs, from paraprofessionals to counselors and more.
View Jobs

Read Next

Privacy & Security Biden Administration Announces Cybersecurity Initiative for K-12 Schools
K-12 schools have become a big target for hackers in recent years and the cyberattacks are more sophisticated than ever.
4 min read
Special Report Cybersecurity
Privacy & Security Districts, Take Note: Privacy Is Rare in Apps Used in Schools
Not protecting students' data privacy can cause real-world harms.
4 min read
PC tablet with cloud of application icons floating from off the screen.
Privacy & Security Most Tech Companies Profit Off Student Data, Even If They Say Otherwise, Report Finds
Nearly three-quarters of the most popular apps and online platforms likely profit from user data, according to Common Sense Media.
2 min read
Low angle view of a blue padlock made to resemble a circuit board and placed on binary computer code background
Privacy & Security Newly Proposed Grants Could Help Districts Extinguish a Cybersecurity '4-Alarm Fire'
School districts could apply for grants to protect against the mounting threat of cyberattacks, FCC chairwoman says.
5 min read
Illustration of cloud computing and lock.
iStock / Getty Images Plus