Why cybercriminals are increasingly targeting public schools

When Minneapolis Public Schools were hacked last year, many parents didn’t understand how much was at risk.

“It felt really, really overwhelming,” recalled local parent Rachael Flanery. “I put my head back in the sand, and I kind of was in the mindset of, well, if there’s a knock on my door and [someone] tells me my 7-year-old just bought a boat, I’ll show him where he is!

“And hopefully it won’t be hard to get the charges reversed.”

When public schools are hacked, everything from students’ identities to disciplinary records to medical histories are at risk.  

When Minneapolis Public Schools refused to pay a $1 million ransom, hundreds of thousands of files about its 36,000 students were dumped online. The files contained highly private information about sexual assaults, hospitalizations, abusive parents and suicide attempts. 

Similar data breaches in New York and Los Angeles school districts have violated the rights of thousands of students.  

Unfortunately, public schools are an easy and common target for cybercriminals.  

EdTech Magazine calls K-12 schools “notoriously vulnerable to cyberattacks, especially ransomware.”  

Criminals can easily use fake emails to phish educators or take advantage of insecure devices, which are common in schools. Poor security practices make schools even more vulnerable.  

It’s estimated 87% of education institutions have experienced at least one successful cyberattack, and 80% of school IT professionals reported their schools being hit by ransomware in a single year.  

Other reports found education to be among the most popular sectors for cyberattacks, even above healthcare and finances.  

“As it turns out, the identity information of children is actually more valuable to [cybercriminals] than that of adults,” Doug Levin, director of K12 Security Information eXchange, told NPR.  

Hackers can use a child’s identity to take out loans and rack up debt, wrecking their credit score in the process, Levin explained.  

Minneapolis mother Celeste Gravatt locked her children’s credit to prevent that, but still felt vulnerable.  

“I’m not what I would call a tech savvy person,” she told NPR. “So I do wonder, like, if somebody were to obtain information that they shouldn’t have, would I even know till it was too late? I don’t know.”