CyberInsider

Reliable cybersecurity news and resources

General

Latest News

About

CyberInsider covers the latest news in the cybersecurity and data privacy world. In addition to news, we also publish in-depth guides and resources.
See our Mission >

UK Schools Hit by Cyberattacks from Their Own Students

By Leave a Comment
LinkedInReddit
UK Schools Hit by Cyberattacks from Their Own Students

UK regulators are raising alarm over a growing “insider threat” in schools as new data shows that students are responsible for more than half of all insider cyberattacks in the education sector.

The Information Commissioner’s Office (ICO), UK’s independent regulator for data protection and privacy laws, analyzed 215 breach reports between January 2022 and August 2024 and found that in 128 of these cases, the perpetrator was a student at the school or college.

Many of the breaches were far from sophisticated: nearly 30 percent involved students misusing login credentials, or guessing weak or improperly stored passwords. Some students confessed to accessing school systems simply because they were curious or wanted to test their technical ability. In one example, three high school junior students gained unauthorized access to their high school’s information management system, which stored data on more than 1,400 students.

Other incidents were more serious. One breach saw a student using a staff login to view, alter, or delete records belonging to over 9,000 students, staff, and applicants. The compromised information included names, addresses, health, and safeguarding records, all data normally protected under UK privacy and data laws.

Heather Toomey, Principal Cyber Specialist at the ICO, warned that what may begin as a dare or a prank can lead to lasting harm. She explained that the education sector tends to underestimate the risk posed by students who are already inside the system, and urged schools to understand what motivates young people online.

The ICO notes that, besides student actions, many insider breaches stem from poor data protection practices by staff: sending data to personal devices, allowing students access to staff accounts, or failing to properly configure access rights.

Schools are being urged to strengthen their cybersecurity: enforce strong password management, limit student access to staff systems, ensure staff are aware of data protection responsibilities, and educate students about the consequences of misuse. Parents are also encouraged to discuss online behavior and ethics with their children to help them make safer choices.

If you liked this article, be sure to follow us on X/Twitter and also LinkedIn for more exclusive content.

LinkedInReddit

More from CyberInsider

About Alex Lekander

Alex Lekander is the Editor-in-Chief and owner of CyberInsider.com. With a passion for cybersecurity and privacy topics, Alex launched this website in 2020. His background and expertise cover privacy research, technical writing, software testing, and site administration. He holds a Bachelor of Science and a Master of Science from Johns Hopkins University.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Share to...
BlueskyBufferCopyFlipboardHacker NewsLineLinkedInMastodonMessengerMixNextdoorPinterestPocketPrintRedditSMSTelegramThreadsTumblrVKWhatsAppXingYummly