Detroit district promises ‘additional security measures’ after phishing email sent to students 

Beware of emails offering “free money” or prizes – or job opportunities at your local school, a Detroit district is warning the community after students received a recent phishing email.

“In a letter to families, (Southfield Public Schools) says the email was titled, ‘Employment Program,’ and appeared to come from a staff member,” explains the local CBS affiliate. “However, the district says further investigation determined no staff member sent the email.”

The district, which served more than 4,600 students in the 2023-24 academic year, is requiring all student accounts to change passwords after the incident. 

“Our technology team identified and isolated the source of the phishing message, removed the email from students’ inboxes, and began implementing additional security measures to prevent similar messages in the future,” the letter to families read. 

Cybersecurity increasingly compromised at schools nationwide 

Detroit joins a growing number of districts targeted by cybercriminals, who often view educational institutions as a “prime target” in storing such information as health records, intellectual property and home addresses. 

“The trove of sensitive information stored on an educational institution’s servers makes it a prime target for cybercriminals,” a report by cybersecurity group KnowBe4 concluded. “While they may not be the most lucrative victims, there are several factors that make intrusion and extortion for ransom easier than organizations or institutions that are financially stronger and better-equipped sectors.” 

In one recent example, Broken Bow Public Schools in Nebraska lost $1.8 million after falling victim to a phishing email appearing to come from a trusted vendor used in an ongoing construction project. 

“We are committed to keeping our community informed and to taking every possible step to safeguard public funds,” the district said in a statement. “Broken Bow Public Schools takes full responsibility for the fact that these safeguards were not in place, as well as full responsibility for this unfortunate circumstance.” 

Meanwhile, cyber incidents are “becoming more sophisticated, more frequent and more damaging” with 82% of K-12 organizations affected in 2025, according to The Center Square. 

“Schools are really central to a community. So when they’re impacted, it’s far beyond just kids in classrooms,” said Randy Rose, vice president of security operations and intelligence at the Center for Internet Security. 

“We’re talking about their kids who only eat when they’re in school. So if they’re out of school, there’s no food. There are parents whose lives are disrupted because they’re unable to work, and a lot of those parents don’t have jobs where they can take time off. So if they’re not working, they’re not making money, which has an impact on the local economy.” 

While district insurance can handle some costs related to cyber attacks, they fall short of bigger expenses such as recovery and restoration, according to Rose. 

“Insurance will cover things like initial incident response. In some cases, they’ll cover ransomware payments. Sometimes they won’t,” he said. “Sometimes they’ll require you to have a particular provider that does ransomware negotiations with the actors. But sometimes they stop short of actual recovery and future implementation.” 

As a result, taxpayers typically make up the difference between the expenses incurred by schools and insurance coverage, Rose observed.  

“If you’re having to pay massive amounts of money for restoration and ransomware payments,” he said, “guess whose taxes are going to go up next?”