Research indicates that from 2019-2020, ransomware attacks nationwide more than doubled for colleges – and the average cost of these attacks reached roughly $447,000. Schools usually have smaller in-house IT staff and lower cybersecurity budgets, which often forces them to take a reactive approach to cybersecurity. To take a closer look at how this negatively impacts the education industry, we’d like to share some recent cyberattacks in the education sector.
Ransomware Attack on Buffalo Public Schools
In March, Buffalo Public Schools halted remote and in-person instruction for students as a result of a cybersecurity attack. Two months later, the district confirmed that a ransomware attack exposed PII (personally identifiable information). This included student PII such as their names, district ID numbers, birthdates, grade levels, schools, addresses, phone numbers, and parent names. In addition, employee and parent information was exposed along with bank account information for some school vendors.
Outages and Downtime After a Cyberattack on the Affton School District
In February, a cyberattack caused a network outage that forced the closure of in-person classes for the Affton School District. After discovering the attack early in the morning, they realized it affected the network, phone, and internet access across all of the schools. In addition, the cybercriminals had the ability to disable their systems and devices, which even prevented some staff from logging into the network. As a result of the attack, the school district hosted virtual learning for the day.
Haverhill Public Schools Close Due To Ransomware Attack
In Massachusetts, a ransomware attack against Haverhill Public Schools in April caused a multi-day closure for students attending classes in the district. The attack prevented staff from fully accessing WiFi for several days. It also resulted in the cancellation of remote classes for several days.
Cybercriminals Demand $40 million From Broward County Public Schools
In March, the Conti ransomware group executed an attack on Broward County Public Schools and demanded $40 million in ransom after accessing thousands of the school district’s files. The criminals leaked over 25,000 record-keeping files, such as purchase orders, invoices, and travel expenses claim forms. In addition, employee phone lists and PII for one minor student were exposed.
Clover Park School District Investigates Attack
The Clover Park School District is currently investigating a cybersecurity attack that caused a system outage – which impacted thousands as it is the fourth largest school district in Pierce County, Washington, with 24 schools and more than 13,000 students. The district reported that the issue is still under investigation as they work with cybersecurity experts, and they are not releasing many details. However, news reports indicate that the district possibly fell victim to a ransomware attack. Some news outlets report that hackers are boasting about the data that they have obtained as a result of carrying out the cyberattack. The incident has also forced the district to create a temporary district website.