Share this article on:
The FBI has warned that hackers have turned to school districts aimed at stealing personal data from K-12 students.
Security experts say these cyber attacks are affecting school districts of all sizes and types in the US, with incidents popping up from coast to coast.
According to the FBI, the hackers have taken aim at school districts with limited cyber security protections, which makes them more vulnerable. Now, it anticipates the number of threats to increase as the new school year ramps up.
Following the issue of FBI's recent warning, top security agencies in the US have explained the ransomware group called Vice Society is disproportionately targeting K-12 schools.
Experts advise schools should also have a minimum standard for cyber security management along with resources and guidance to keep their systems safe.
The US nonprofit K12 Security Information eXchange (K12 SIX) has been tracking these kinds of threats for years.
According to Doug Levin, national director for K12 SIX, there has been widespread credit abuse, identity theft, even tax fraud linked to the recent security incidents.
According to K12 SIX, it has observed more than 1,300 publicly reported cyber attacks since 2016. During those incidents, Levin explained, "children's personal information is most at risk".
In some cases, Levin added, students as young as first graders have had their identities stolen and families didn't know there was an issue until years later.
"They don’t know until it is time for them to apply for a student loan or try to rent their first apartment, and they are rejected from those opportunities because their credit records have been abused, and they had no idea," Levin said.
There are likely 10 to 20 times more ransomware incidents at schools than what has been reported, Levin further explained, which contributes to the issue being much more widespread.
Districts don’t always report cyber attacks because often they weren’t prepared ahead of time and Levin believes this must change.
"Putting in place a regime that would require some sort of incident reporting, both to the government, to other school districts, so they can take the steps to protect themselves from the same sorts of incidents that a school may be facing.
"But also, to parents and families and educators themselves.
"They need to know when they are personally at risk so they can take steps to protect themselves," Levin concluded.
[Related: ‘Rapid upskilling’ required as severe Aussie cyber security jobs shortfall predicted]