8 Major Cyber Attacks Against Schools and Colleges

They may not end up in the headlines like breaches in other industries, but schools, colleges, and universities are also highly targeted by today’s threat actors and constantly under attack.

According to Verizon’s 2022 Data Breach Investigations Report, the educational services sector experienced 1,241 incidents in 2021, with 282 involving confirmed data disclosure. Of those attacks, 75% were from external sources, while the remainder involved insiders. These attacks were overwhelmingly motivated by monetary rewards, with 95% involving a financial motive. 

As the following cases show, ransomware is now particularly problematic for the educational sector, with institutions of all sizes around the globe experiencing ransomware attacks with varying degrees of severity and cost. These attacks often lead to class cancellations, extensive remediation expenses, reputational damage, and lingering questions regarding an institution’s ability to repel subsequent attacks.

What’s more, in the aftermath of a ransomware attack, leaders of educational institutions face scrutiny from faculty, students, and public officials. 

Here’s an overview of recent attacks that landed schools, colleges, universities, and their business partners in the news for all the wrong reasons. 

8 Notable Cyber Attacks Against Schools and Colleges

8. University of Hertfordshire, Hatfield, England

In April 2021, a cyber attack crippled the University of Hertfordshire, affecting all of the university’s computer systems, including cloud-based resources such as Office 365, Microsoft Teams, and Zoom. 

  • Cyber attack type: Unknown 
  • Location: Hatfield, England 
  • Cost: Not disclosed 
  • People affected: Not disclosed 

Most classes resumed five days after the attack and access to the university’s IT and cloud-based services was restored.

7. Howard University, Washington, D.C.

A ransomware attack forced Howard University to cancel online and hybrid classes in September 2021. The university’s response included shutting down its campus Wi-Fi. Days after the attack, online and hybrid classes remained canceled, and the university’s Wi-Fi was still offline. 

  • Cyber attack type: Ransomware 
  • Location: Washington, D.C. 
  • Cost: Not disclosed 
  • People affected: Not disclosed   

In the aftermath, Howard’s IT department took steps to strengthen the university’s defenses, including hiring additional professionals. Faculty and staff were required to reset their passwords and comply with complex password requirements. The university also upgraded its cloud-based security, deployed upgraded routers and connectors, and installed a new wireless network.

6. University of California, Los Angeles

In a December 2020 attack, hackers exploited a vulnerability in third-party software to insert ransomware and extract personal data from government agencies, businesses, and educational institutions, including the University of California. 

  • Cyber attack type: Ransomware 
  • Location: Los Angeles, CA 
  • Cost: Not disclosed 
  • People affected: 300 organisations 

In late March 2021, the perpetrators leveraged the stolen personal data to engage in mass mailings and the posting of data online to blackmail individuals and companies into paying up. 

In response, the university system created a webpage to address the needs of those impacted by the hack and to answer their questions. It also transitioned to a more secure file transfer solution, cooperated with the FBI to conduct an investigation, and engaged third-party security consultants to investigate the breach.

5. Finalsite, Glastonbury, Connecticut

A ransomware attack against Finalsite, a webhosting service provider for the education sector, resulted in websites for approximately 5,000 schools and colleges going offline. 

  • Cyber attack type: Ransomware 
  • Location: Glastonbury, CT 
  • Cost: Not disclosed 
  • People affected: 5,000 schools and colleges 

The company was able to identify the attacker but declined to share their identity or how they compromised the company’s defenses. Finalsite also refused to say whether the firm or its insurance company had paid a ransom. According to Finalsite, the attack did not compromise school data.  

4. Broward County Public Schools, Florida

An attack on 7 March 2021 exposed the personal information of approximately 50,000 students and employees of the Broward County public school system, including names, dates of birth, Social Security numbers, and healthcare-related information. 

  • Cyber attack type: Ransomware 
  • Location: Broward County, FL 
  • Cost: Not disclosed 
  • People affected: approx. 50,000 

The perpetrators demanded a ransom of $40 million to relinquish control of the school system’s data, which officials declined to pay. The district did not release details regarding the attack to protect “the integrity of our data security.”

3. Illuminate Education, New York City, New York

In January 2022, cybercriminals targeted the school management platform Illuminate Education and gained access to a database containing personal information on more than 820,000 current and former NYC students. The attack took the New York public school system’s online grading and attendance system offline for several weeks. 

  • Cyber attack type: Not disclosed 
  • Location: New York City, NY 
  • Cost: Not disclosed 
  • People affected: 820,000 

In the aftermath of the attack, several government agencies were asked to investigate Illuminate Education’s response to the breach and whether it notified those whose data was compromised in compliance with the state’s breach notification laws. Officials also requested an audit of the company, including steps taken to improve its cybersecurity program.

2. Michigan State University

A cyber attack involving NetWalker ransomware targeted Michigan State University in May 2020. A blame game followed. The university’s IT department alleged that attackers gained access when IT employees in the physics department failed to install a patch for a virtual private network (VPN). However, the department’s IT team said it was not to blame, indicating that it lacked resources and direction from the central IT department. 

  • Cyber attack type: NetWalker ransomware 
  • Location: East Lansing, Michigan 
  • Cost: $1 million 
  • People affected: Not disclosed 

Shortly after the breach became public knowledge, the university announced it would not pay the attacker’s ransom. In response to the attack, the university has centralised IT resources. It also instituted additional protections, including supporting VPNs via the university’s central IT department, employing multi-factor authentication, and restricting user access.

1. University of California, San Francisco

Another NetWalker ransomware attack in June 2020 involving the University of California, San Francisco (UCSF) medical school let cybercriminals encrypt data stored on the school’s servers. 

  • Cyber attack type: NetWalker ransomware 
  • Location: San Francisco, CA 
  • Cost: $1.14 million 
  • People affected: Not disclosed 

An anonymous tip to the BBC allowed journalists to observe the university’s ransom negotiations. When the negotiations concluded, the criminals agreed to accept $1,140,895, paid as 116.4 bitcoins. In exchange, UCSF received decryption software to unlock its data. 

How Educational Institutions Can Stay Protected from Cyber Attacks

As the digital footprint of educational institutions expands to meet both face-to-face and remote learning needs, the threat posed by cybercriminals, particularly those who are adept at ransomware attacks, continues to grow. 

Surviving a ransomware attack or any form of cyber attack requires access to customised security solutions with the ability to adapt as the needs of the organisation evolve, backed by a 24×7 team of experts who have eyes on glass and are available on demand at all times. 

Learn more about how Arctic Wolf helps schools, colleges, and universities protect their students, faculty, and infrastructure from increasingly sophisticated and determined hackers and cybercriminals. 

Further Reading

The K-12 Cybersecurity Checklist

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.