Why Hackers Target School Computer Systems

Last updated: Feb 7, 2023

Imagine a hooded figure rifling through filing cabinets in the principal’s office of your local school, stealing student data, and corrupting staff records.

If that happened, wouldn’t security training be immediately implemented to ensure it doesn’t occur again?

The reality is that cyberattacks are a lot more likely. However, they are just as dangerous and a lot more difficult to prevent.


Cyberattacks on Schools on the Rise

Cyberattacks have been rapidly increasing since 2016, according to K12 SIX, a non-profit organization that releases an annual report on cybersecurity in education.


In 2021, nearly a million students were impacted by 67 ransomware attacks against schools. And, in the last year, 1 in 4 schools were victims of cyberattacks.


Why Hackers Target Schools

Hackers are increasingly targeting schools for several reasons.


Schools Have Limited Protections

The dearth of resources makes schools an easy mark for cybercriminals. IT departments are often small and stretched thin, leaving little time and resources to implement security protocols and protections. Also, staff typically need more cybersecurity training, making schools a soft target for cybercrime like email phishing attacks.  


Loads of Personal Data

School networks contain a vast amount of sensitive personal information for teachers, staff, and students, including names, addresses, and Social Security numbers. Hackers know that school systems have valuable, confidential data, that they are easily hacked, and that they will pay a lot of money to get the data back — all of which make them ideal targets. Plus, nearly every computer system that stores data relies on some online network capable of being hacked, providing many opportunities for hackers.


Remote Learning

The rapid transition to online learning during COVID-19 created more doors for hackers to infiltrate computer networks. Districts became much more reliant on technology, handing out millions of digital devices for remote learning, dramatically increasing their use of online programs and apps, and setting up Wi-Fi hotspots around their communities for students.


From software programs to unvetted apps downloaded without passing through security protocols and installed outside the school’s standard operating procedures during lockdown, remote learning has only made schools a more vulnerable target for hackers.

A female wearing a headset trying to stop hackers from hacking the school computer system.

Who is Responsible for the Cyberattacks?

Both internal and external members share the responsibility for cyberattacks. From a teacher clicking on a phishing email to a student looking to cheat, there are many ways cybersecurity issues can take place.


  • School staff: Teachers, administrators, and school board members who lack training inadvertently share personal data and credentials.
  • Students: Tech-savvy students are either circumventing cybersecurity controls or are using legitimate access to school IT to disrupt, cheat and cause others harm.
  • School suppliers and vendors: Inadequate security practices during product or service implementation can cause security issues.
  • Online criminals: Cybercriminals looking to benefit from weak school district cybersecurity controls by stealing data or extorting money. These hackers generally pursue soft targets, like schools, with mass phishing campaigns and broad-based internet scans or specifically target school districts.


What Kinds of Cybercrimes are Taking Place?

Cybercrimes can take a variety of forms. Some common attacks include:


Data Breach

In this type of cyberattack, a hacker breaks into a school or district’s system and copies, steals, changes, views, or transmits the data. The hacker may then sell student and staff data.


School districts and vendors are routinely the subjects of data breaches and leaks that involve confidential information of students and staff. School district vendors are one significant source of data breaches and leaks. Other common sources include school district staff, school board members, and students who inadvertently share personal information.


Unfortunately, student information can be especially vulnerable because parents rarely conduct credit checks for their children, so the fraud may not be discovered for years, according to Rod Russeau, director of technology and information services for Community High School District 99.


33% of publicly disclosed K-12 cyber incidents in 2021 were student data breaches, while 16% were some other type of data breach, according to K12 Six.



Ransomware attacks comprised the majority (62%) of the publicly disclosed K-12 cyber incidents in 2021, according to K12 Six. In these attacks, cybercriminals break into a school or district’s network, take data, and encrypt it, thereby preventing the school or district from accessing it. They then essentially hold the data for “ransom,” offering to decrypt and return it if the school or district pays a ransom, which can be hundreds of thousands of dollars. If the district doesn’t have a backup version of the data, or if the hacker goes after the backup data, districts don’t have the option to restore their own system.


Hackers may also threaten to release student and staff data to the public if the ransom isn’t paid. For example, in 2021, hackers published nearly 26,000 stolen files from Florida’s Broward County School District when the district offered to pay a smaller sum than the $10 million requested.


Ransomware attacks can lead to school cancelations, among other issues. Recently, Des Moines Public Schools cancelled classes for several days after a ransomware attack on the district’s servers. The attack not only affected access to important student documents, but it also impacted bus routing and food and nutrition systems.

A school computer system hacked with a ransomware attack.

Denial of Service

Hackers inundate a district’s network by flooding it with meaningless requests until it can’t respond and completely crashes. The result is that parents, students, and staffers can’t use online accounts, email, and websites. Denial-of-service attacks comprised 8% of the publicly disclosed K-12 cyber incidents in 2021, according to K12 Six.


Sometimes, this type of attack will be carried out by a student looking for a day off from school or a disgruntled employee that hires someone to carry out the attack.


What is the Impact?

In short, cyberattacks on school districts results in a lot of wasted time and money. Schools often must close during a cyberattack, which means that students lose out on the opportunity to learn — and the school loses a lot of money.


Also, the risk for students is significant. NBC News found that in 2021, ransomware gangs published data from more than 1,200 American K-12 schools, including pieces of data like Social Security numbers and birthdays, setting up children for a lifetime of potential identity theft.


How Can Schools and Districts Protect Themselves?

Districts and schools should start with a risk assessment to identify what risks exist and the gaps in protocols and procedures. From there, they can create a technology and communications strategy for responding to different cyberattacks.


School districts should also back up all data and implement multi-factor authentication for staff and employees to mitigate the risk.


Finally, educating employees on cybersecurity best practices is a must. From password best practices to how to spot phishing emails, training on the basics and reporting policies is essential at the ground level. Organizational leaders, employees, students and parents should all be a part of cybersecurity training.


Cyberattacks on Soft Targets

Cyberattacks on soft targets, like schools, hospitals, local governments, and colleges will continue to rise. Training is critical as a line of defense against cybercrime.


USF’s online course, Securing the Vulnerable: Threat Mitigation for Communication Infrastructure, was created so that organizational leaders can learn strategies to create a comprehensive protection plan. In this course, students will discover how to assess a soft target and develop a tailored action plan for hardening the facility, organization, or event.


Learn More