« SXSW EDU Canceled Due to Coronavirus Threat, AERA Goes Virtual; Other Ed. Conferences Uncertain | Main | 6 Lessons Learned About Remote Learning During the Coronavirus Outbreak »

Cyber Attacks on Schools Tripled in 2019, Report Finds


The frequency and severity of K-12 cyber-attacks is dramatically on the rise, according to a report released recently by the K-12 Cybersecurity Resource Center.

During calendar year 2019, the center cataloged 348 publicly-disclosed school cyber incidents. That includes malware outbreaks, phishing attacks, denial of service attacks, and more. That's more than three times the number of similar incidents during 2018.

So why the uptick? The report suggests that it's due partly to schools' greater reliance on technology for everything from teaching and learning to day-to-day operations.

cyber snip.PNG

Schools were most likely to experience data breaches and other unauthorized disclosures. In fact, these made up 60 percent of all catalogued incidents. Most of these breaches included data about school staff, which can lead to identity theft and fraud.

About half of the data breaches were due to actions of school vendors, regional service agencies, non-profits, or state departments of education. Another 9 percent were thanks to school staff or students. (The report doesn't delve into how the others originated.)

The second most prevalent type of attack: Malware, which accounts for 28 percent of incidents, or roughly double the number of 2018. Malware, which can cause serious outages, prompted individual schools in Alabama, Arizona, New Jersey, New York, and Ohio to close, according to the report.

Another 8 percent of attacks involved "phishing" schemes. Those can happen when a hacker sends a mass email to staff, pretending to be a district official and asking, for instance, for help in purchasing gift cards. But emailers can also go after employee payroll information, in order to steal employees' identity and tax information.

Schools that experienced cyber attacks in 2019 were more likely to be in densely-populated areas (like suburbs and cities) and have big student populations. Rural schools, particularly in the central U.S., were less likely to experience attacks. Bigger districts have more technology and more people using it, therefore more vulnerability. And rural districts may be less likely to report attacks.

The report suggests that districts can protec themselves by investing in greater IT security capacity, particularly through training. It also recommends that federal and state governments enact regulations for basic rules to keep data safe and secure, also known as "cyber hygiene,"  invest in cyber security tools specific to K-12, and boost cyber security information sharing and research.

Images: Getty, K-12 Cybersecurity Resource Center

Don't miss another Digital Education post. Sign up here to get news alerts in your email inbox.

Notice: We recently upgraded our comments. (Learn more here.) If you are logged in as a subscriber or registered user and already have a Display Name on edweek.org, you can post comments. If you do not already have a Display Name, please create one here.
Ground Rules for Posting
We encourage lively debate, but please be respectful of others. Profanity and personal attacks are prohibited. By commenting, you are agreeing to abide by our user agreement.
All comments are public.

Follow This Blog


Most Viewed on Education Week



Recent Comments

  • reflections apartments: AIMCO and cock roaches read more
  • reflections casselberry: AIMCO and cock roaches read more
  • tworzenie stron internetowych RzeszĂłw: As I web site possessor I believe the content matter read more
  • reflections apartments: http://www.youtube.com/watch?v=_lyhMey4CVE read more
  • Free Twitter Marketing: My Brother just mentioned this website to me, and told read more