Cybersecurity is An Overlooked Threat on K-12 Campuses
- By Brent Dirks
- February 18, 2025
Improving physical security on K-12 campuses is always at the top of mind for decision makers like principals, superintendents, and many others with a focus on surveillance cameras, access control, and emergency drills.
But cybersecurity something that needs as much scrutiny as in today’s digital landscape. In late December 2024, hackers breached education technology company PowerSchool and reportedly stole the personal data of 62.4 million students and 9.5 million teachers in Canada and the United States. PowerSchool SIS is a cloud-based or on-premises student information used for record, grades, enrollment, and more.
Some of the personal information stolen in the hack included Social Security numbers, personal identifiable information, medical information and grades. The hackers were able to access the a customer support portal with compromised credential and then used a export data manager to download the data.
There was no evidence that any banking information or credit card information was stolen .
While the attack wasn’t ransomware, PowerSchool reportedly confirmed that the company did pay a ransom to prevent the data from being widely released.
PowerSchool is two years of complimentary credit monitoring services for adults and identify protection services for minors. The company is also working with CrowdStrike to investigate the incident.
As education continues to become more digital, school districts need to also focus on cybersecurity. School remain a inviting target for hackers. While the institutions store important personal data of both students and teachers, the focus on a cybersecurity infrastructure isn’t as strong compared to a private corporations.
When working with third-party vendors, districts need to require strict security measures. At the same time, districts can better train staff and students on cybersecurity awareness and practices. That’s especially important as many breaches are done with simple phishing techniques.
Just like with physical security, improved cybersecurity training and awareness can go a long way. A well-trained school community is the best defense against cyber threats.
This article originally appeared in the March / April 2025 issue of Campus Security Today.
About the Author
Brent Dirks is senior editor for Security Today and Campus Security Today magazines.