8 Surprising Reasons Hackers Target Schools


Hackers are targeting schools more frequently- millions of dollars are spent on researching the latest healthcare innovations, AI technology and more, which is some of the reasons hackers develop innovative strategies to steal this information. However, when a big business like Facebook or Wells Fargo is targeted by and suffers from a breach, it’s understandable — these companies store massive amounts of data, a lot of which is immediately valuable to hackers. Credit card information, passwords, and Social Security numbers stored en-masse can all be instantly used to breach accounts or steal someone’s identity.

But business organizations aren’t the only entities that are susceptible to and indeed targeted by cyber attacks. An increasing number of educational institutions are falling victim to ransomware attacks that result in data breaches, or in devices being held to ransom.

Why Would Hackers Target Schools?

After all, schools typically store the most data in the form of student records, qualifications, examination results, and so on. As a result, schools don’t necessarily come to mind when you think about places most likely to face a cyberattack. Still, they’re a big target for hackers for a number of reasons.

Why Cyberattacks Target Schools

In 2019, cyberattacks on schools tripled, according to The K-12 Cybersecurity Resource Center — and attacks are ramping up every year. To make matters worse, some experts are concerned that school districts could become even more vulnerable to hackers as they begin to adopt distance learning as a primary means of study.

But what are cybercriminals getting out of such attacks, and what makes academic institutions an often easier target than many of the commercial companies that could be targeted? Here are the surprising reasons that hackers target schools, and why attacks may grow in the future.

1. Student and Teacher Data Holds Value

Schools, in general, hold on to a lot of information about their students — like home addresses, birthdays and full names. While this data may not seem as immediately valuable as credit card details and Social Security numbers, it can still be extremely useful for hackers. It opens the possibility of impersonating friends or family members as part of a phishing attack. Cybercriminals might also leverage this data to replicate students’ or staff members’ identities for financial crime.

Depending on school size and resources, there may be other information hackers would want to steal. For example, large research universities may hold onto valuable information that individual hackers and state actors cab utilize. We only need to look to recent years to understand how significant the problem has become:

  • The UK government’s 2022 Cyber Security Breaches Survey highlighted how a massive 92% of higher education institutions suffered some form of breach in that calendar year
  • In May 2020, the U.K.’s National Cyber Security Centre (NCSC) warned that universities across the country were facing a wave of cyberattacks. They were apparently launched by state-sponsored hackers aiming to steal data related to a potential coronavirus vaccine

In 2019, American universities faced similar threats as hackers attempted to steal research about the development of new maritime military technology.

2. Institutions Often Have Limited Security Protections

Despite large investments in IT and digital learning tech, schools don’t usually have significant resources dedicated to cybersecurity. Some may not even have a staff member devoted to full-time work on cybersecurity. 

Other issues — like a lack of training — may make this problem even worse. According to Education Week and the Consortium for School Networking, 44% of chief technology officers report that their district does not provide cybersecurity training for educators. This leaves schools wide open to phishing attacks. It was also reported that almost 20% of schools are working to convene a cybersecurity team.

This lack of defenses, skilled cybersecurity professionals, and training is why so many hackers are easily able to target schools.

3. Academic Institutions May Use New, Untried Technology

New technology often provides major benefits for educators, such as improved accessibility or access to education techniques that help students with certain learning styles. The right tech vendor will often work with schools to manage new technology and provide the best cyber defenses possible. However, not every school takes advantage of such opportunities, which can result in poor security practices that may make new technologies a serious security liability.

Many schools are ramping up their protections, mostly due to the increase in attacks during the past few years, as noted earlier. Schools also aren’t unique in the pressures they’re facing either. Demand for cyber skills training has grown to the point that there are firms like ThriveDX, which specialize in educating organizations on how they can improve cybersecurity.

These firms are especially concerned with how growing use of new tech — like the shift to remote learning solutions, prompted by the COVID-19 crisis — may make it even harder for schools to keep their networks secure.

Some officials are also reporting an increase of attacks on students’ and teachers’ home networks as they begin remote learning. Unless schools adopt tech that helps defend their staff and students against attacks, remote learning is likely to become a major security vulnerability

4. Attackers Value Email Addresses Ending in .edu

Emails are a valuable resource for hackers who want to stage phishing attacks. The more legitimate and trustworthy an email is, the more useful it will be in launching an attack. By taking over an email account belonging to an institution, cybercriminals can benefit from the credibility that the domain offers to their phishing email.

Still, it’s relatively simple for cybercriminals to get an education domain email address for themselves; many institutions allow anyone to create an account during the course of an application.

5. Academic Staff Often More Exposed to Phishing

According to Expert Insights, staff working within higher education institutions are more likely to fall victim to phishing attacks. Reasons include a lack of security tools, as mentioned above, in addition to a lack of awareness about cyber threats. All it takes is for a single staff member to have a lapse in judgement, and their action can result in malware infecting the entire campus network.

High-value .edu email addresses belonging to staff members are also often published online, which makes it easy for attackers to locate and choose their victims. It’s for these reasons that around 90% of academic breaches begin with an email attack.

hackers target schools, hackers targeting schools

6. Some Institutions Have Paid Ransoms

Ransomware is a kind of malware (malicious software) that quite literally holds a device to ransom. The malicious program locks down a computer until a ransom is paid, under threat of wiping the hard drive or carrying out some other malicious activity.

According to Comparitech, out of 18 ransomware attacks studied, 2 institutions made payment, with one totaling around $547,000. Given the spread of new data privacy laws, with the Attorney General being handed powers to fine institutions in certain states, the cost of paying a ransom is often much lower than the prospective costs involved in a data breach.

However, paying a ransom in such a situation is never the right course of action. According to Sophos’ State of Ransomware 2022 report, colleges that pay ransoms only get around 60% of their data back. What’s more, paying a ransom can make it more likely that cybercriminals will attack in future, as they’ll believe that there is a higher chance of financial gain

A Growing Number of Hackers Target Schools

Statistics from recent years have found that hackers are targeting schools and education systems with increasing frequency. To the uninformed, these targets may not make as much sense as others — like big-name financial institutions and tech companies — but hackers can still benefit financially. What’s more, academic institutions are usually under-defended, poorly equipped to handle common cyberattacks, and hold on to large amounts of valuable data.

Anything from student or teacher names to research results can make a particular school a bigger target, and it’s often very easy for cybercriminals to locate their potential victims, as contact information for education staff is widely available on most institutions’ websites.

Schools can, however, take steps to defend themselves against these increasingly frequent cyberattacks. Investment in cybersecurity technology, along with training for staff and students, would likely provide immediate benefits. They could also work with vendors of new technology — like remote learning solutions — to secure their tech ecosystem and help ensure safety. And while knowledge of cybersecurity is often limited in such organizations, offensive security services can help institutions to work out their weak points.


As university and school systems are hacked, it’s crucial to ensure your faculty are up-to-date on the latest cybersecurity threats and tips. Implementing security awareness training protocols can help prevent future cybersecurity attacks.

Protect Your Organization from Phishing


Explore More Resources

Your Trusted Source for Cyber Education

Sign up for ThriveDX's quarterly newsletter to receive information on the latest cybersecurity trends, expert takes, security news, and free resources.

Download Syllabus

Let’s Talk

Download Syllabus

Apprenticeship Program

Apprenticeship Program

Let’s Talk

Get Your Free Trial

Access our Free OWASP Top 10 for Web

Enter your information below to join our referral program and gain FREE access for 14 days

Follow the steps below to get FREE access to our OWASP top 10 for Web course for 14 days

  1. Simply copy the LinkedIn message below
  2. Post the message on your LinkedIn profile
  3. We will contact you as soon as possible on LinkedIn and send you an invite to access our OWASP Top 10 for Web course


Make sure you confirm the tag @ThriveDX Enterprise after pasting the text below in your LinkedIn to avoid delays in getting access to the course.
tagging ThriveDX Enterprise on LinkedIn

Ready to Share?

Take me to now >

Contact ThriveDX Partnerships

[forminator_form id=”10629″]
Skip to content