CYBER SECURITY IN EDUCATION SECTOR

CYBERSECURITY FOR EDUCATION

ACID Technologies provides the education sector with cost-effective 24/7/365 dark web monitoring services, while also monitoring the deep web and multiple additional sources and platforms. When detecting a threat, ACID sends real-time, actionable alerts with all available information, to enable the targeted educational institute to effectively respond to the threat and mitigate its harmful impact.

What makes the education sector attractive to cyber attackers?

Cybercriminals are aware that educational institutions, from K-12 to universities, hold vast amounts of personally identifiable information (PII) of students, parents, guardians, faculty and staff, as well as other valuable data (such as medical information), and therefore identify them as attractive targets.

To illustrate this with two of many examples: the theft of information was at the center of the attacks on Michigan University in August 2023 and Stanford University in October 2023. In the former, the sensitive personal information of some 230,000 students, alumni, and employees was stolen, and in the latter, the Akira ransomware gang claimed to have taken possession of 430 GB of the university’s “private information and confidential documents”.

The lack of sufficient effective cybersecurity safeguards in many educational institutions also contributes to the attractiveness of the education sector, as it increases the chances of success of attacks.

How common are attacks against educational institutions?

Nearly two-thirds of education facilities reported having been targeted in cyber attacks in 2024, often in ransomware attacks, forcing them to pay millions on average to restore their operations. Among K-12 schools specifically, the incidence of cyber attacks is more than one per day (Varonis).

Verizon’s 2024 Data Breach Investigation Report revealed that in 2023 the educational services sector sustained 1,780 incidents, with 1,537 involving confirmed data disclosure. Compared with data from the previous year, this is an increase of 258% in the number of incidents, and a jaw-dropping 545% in the amount of data disclosure. It is believed that this increase is most likely attributable to the MOVEit Transfer vulnerability, which impacted some 900 schools in the USA.

Lower education schools: Sophos found that these had the highest individual rate of attack of any industry in 2023 – 80%, and that 95% of the attackers in attacks sustained in 2024 focused on compromising backups. The company added that the mean ransom paid by them was $7.46 million, which is the highest sum among all sectors.

Higher education institutes: According to data published on the Prey Project website, higher education facilities were confronted with a whopping 70% surge in ransomware incidents in 2024, as compared with 2023.

With ACID’s cost-effective solution, lower education schools and higher education institutes will reduce their risks of ransomware and other cyber attacks, and potentially avoid them altogether, at a cost immeasurably lower than the ransom cybercriminals demand.

What increases the vulnerability of K-12 schools to cyber attacks?

The vulnerability of K-12 schools is influenced by a number of factors:

  • Insufficient financial and IT resources, which impede the implementation and maintenance of more modern and effective cybersecurity safeguards.
  • The use of outdated technologies, which are less secure, and also encumber the enhancement of security protocols.
  • Regulatory compliance – regulations are amended from time to time, and meeting them requires policy and procedure updates. In the USA specifically, educational institutions are required to comply with FERPA, the Family Educational Rights and Privacy Act, which gives parents the right to have access to their children’s education records, the right to seek to have the records amended, and the right to have some control over the disclosure of personally identifiable information from the education record. Not all K-12 schools have the resources (manpower, time, knowledge) to manage these updates properly and in a timely manner.
  • Rapid integration of digital tools, when unaccompanied by proper training.
  • Use of personal devices by students, when there are no policies and procedures in place to ensure that connecting alternately to secure networks at school and then to public networks that are not secure, and back again, does not leave the door open to cybersecurity risks.

What increases the vulnerability of institutes of higher education to cyber attacks?

Institutes of higher education are attractive targets for cybercriminals not only because of the immense quantity of personal data they store, but also because of the research they conduct and the appeal of gaining access to hard-gained intellectual property.

The cybersecurity challenges confronting institutes of higher education are influenced by some factors that are unique to them, and others that are shared with educational institutions in general. Some of these, as detailed on the Prey Project website, include:

  • Wider network access points – these institutions are required to manage multiple entry points, which increases the risk of unauthorized access.
  • Numerous users and devices accessing the networks, including not only students and faculty, but also other staff and visitors.
  • Advanced Persistent Threats (APTs), perpetrated by highly skilled attackers, who are often state-sponsored or backed by criminal organizations with considerable resources at their disposal, and characterized by their persistent nature and stealth.
  • Regulatory compliance requirements, which in universities are particularly strict and necessitate robust cybersecurity networks. In the USA, this includes compliance with the Family Educational Rights and Privacy Act (FERPA) – a federal law that affords students from the age of 18 the right to have access to their education records, the right to seek to have their records amended, and the right to have some control over the disclosure of personally identifiable information from the education record.
  • Budget constraints, which universities suffer from as well, although these are often not as severe as in K-12 schools.
  • BYOD – the “bring your own device” trend, which opens new opportunities for persons with ill intent to exploit vulnerabilities and necessitates the rigorous enforcement of specific policies and protocols.

What are some recent examples of cyber attacks that targeted educational institutions?

A few of the recent cybersecurity incidents include:

  • In January 2025, Oklahoma University revealed: “The University recently identified unusual activity on our IT network. Upon discovery, we isolated certain systems and are investigating the matter. As part of this ongoing process, measures are being implemented across our network.” The cybercrime group Fog claimed that it had stolen 91 MB of data from the university. According to experts, the group has targeted education institutions in the past as well, by exploiting VPN credentials.
  • In September 2024, a cyber attack forced the Highline K-12 public school system in the area of Seattle, Washington to suspend the educational activities it provides to its 17,000 students for two days. It issued a statement: “We have detected unauthorized activity on our technology systems and have taken immediate action to isolate critical systems. We are working closely with third-party, state, and federal partners to safely restore and test our systems.”
  • In November 2024, the Waterford Campuses of the Irish South East Technological University were targeted in a significant cyber attack, leaving them with no access to online facilities, and forcing them to cancel classes for a day.
  • In August 2024, the University of Paris-Saclay was the victim of a ransomware attack. While the prestigious university did not provide details, it is known that its website was inaccessible for at least three days. It issued a statement that it is supported by the National Agency for the Security of Information Systems (ANSSI) in dealing with the attack.
  • In August 2024, the Mobile Guardian platform was breached and data from at least 13,000 students’ iPads and Chromebooks were remotely deleted. The attack impacted users in North America, Europe and Singapore. Mobile Guardian is a device management application suite for K-12 schools, which includes device management, easy-to-use classroom management tools, secure web filtering and linked parental controls.

ACID’s solution can significantly improve the cybersecurity profile of the education sector – from K-12 schools, through colleges and vocational schools to universities, including those heavily invested in research. ACID deploys clusters of robots, implements sophisticated algorithms, injects avatars and uses crawlers imitating regular user activity to perform continuous dark web monitoring in order to detect signs of impending attacks even while still in their planning stage, attacks that are in progress, and leaked data indicating that the organization’s systems have been breached. Client-specific keywords are used, and the relevant language or languages are chosen for optimal monitoring results. Once a threat is detected on the dark web, deep web or on any other of the multiple sources monitored, ACID sends real-time alerts to the victim, enabling it to implement countermeasures to diminish the impact of the attack, or perhaps foil it altogether.