Why Are Hackers Targeting Young Students?
. Posted in Middle School, News, Technology - 0 Comments
When Celeste Gravatt first heard about a data breach in her kids’ school system in February 2023, it sounded innocuous. “I didn’t really think anything of it at first,” Gravatt says. Officials at Minneapolis Public Schools called it a “system incident,” then “technical difficulties,” and finally, “an encryption event.” She says it was only when she checked social media that she realized the true extent of the attack, and what it could mean for her kids. Minneapolis Public Schools had been hit by what experts describe as one of the most devastating cyberattacks ever. Hackers stole district data, including files where children were identifiable, and then demanded the district pay a ransom for it.
When district officials refused, the hackers released the data online. It included Social Security numbers, school security details and information about sexual assaults and psychiatric holds. Minneapolis Public Schools did not make any officials available for an interview. In a written statement, the district said it sent written notice of the attack to more than 105,000 people who may have been impacted by it.
“This breach was actually really huge,” Gravatt says. “And it wasn’t just school records. It was health records, it was all sorts of things that should be privileged information that are now just out there floating around for anybody to buy.” It’s an example of a growing nationwide trend in which hackers are targeting a surprising group of people: young public school students. As school districts depend more on technology, cyberattacks against those systems, and the sensitive data they store, are on the rise. While it’s hard to know exactly how many K-12 school systems have been targeted by hackers, an analysis by the cyber security firm Emsisoft found 45 districts reported they were attacked in 2022. In 2023, that number more than doubled, to 108. The consequences of these data breaches can follow students well into adulthood.
School system data – which can include discipline information, special education records, medical histories and more – can be held hostage, with hackers threatening to release sensitive information if districts don’t pay a ransom, as they did in Minneapolis. The data can also be used to steal a child’s identity.
“As it turns out, the identity information of children is actually more valuable to them than that of adults,” says Doug Levin, director of the K12 Security Information eXchange, a nonprofit that helps protect school districts from cybersecurity risks. He says stealing a child’s identity may seem counterintuitive because they don’t have resources of their own, but it can cause “a lot of havoc.” Parents don’t necessarily monitor their children’s credit and bad actors can easily open up bank accounts, rack up debt and apply for loans in a child’s name. “And as a result, cyber criminals can abuse the credit records of minors for many, many years before the victims learn about it,” Levin says.
There’s a misconception that the only sensitive data schools have are “Johnny and Susie’s algebra grades,” Levin says. It’s actually so much more. Districts have data on everything from a child’s allergies and suspensions to household income and court orders. “School systems’ educators can be a little bit like pack rats,” Levin explains. “And so there’s a lot, a lot of information that is collected over time, and it’s often not deleted when it’s no longer necessary.”
Advocates also point out that Black and brown students are especially vulnerable when a school system gets hacked. For example, according to a report by the Minnesota Department of Human Rights, Black students in the state are eight times more likely than a white student to be suspended or expelled. “So that also means that more of their information is being input into the system,” says Marika Pfefferkorn. She co-founded the Twin Cities Innovation Alliance to educate and empower parents about how data collected about their children could be misused. Pfefferkorn says the more information collected on a student – whether it’s about housing, custody or free lunch – the more vulnerable they are after a data breach.
This article originally appeared here.