K-12 schools in the U.S. are facing a wave of cyberattacks and data thefts after the holiday season, with several school districts reporting breaches. Incidents have been reported in Montana, Washington, and California, with Ohio’s Groveport Madison Schools recovering from a ransomware attack by the group BlackSuit, believed to be a rebrand of the Royal ransomware gang.
Despite the attack, which compromised some staff data and affected internet usage, the school district was able to continue operations and recover within a month. Cybersecurity and Infrastructure Security Agency (CISA) had warned the Ohio school district about the attack, leading them to shut down internet access. However, the attackers still managed to damage Windows devices, security cameras, and printers.
Meanwhile, cybersecurity researchers are uncovering vulnerabilities in the cloud-based platforms and software used by schools. Notably, a recent discovery by vpnMentor’s Jeremiah Fowler revealed exposed records from Raptor Technologies, a school security company, including sensitive information on school layouts, emergency drills, and student data.
Lawyers are now looking for individuals affected by these breaches, and the Washington, D.C. public school system has begun notifying parents about the exposure of student information due to vulnerabilities in Raptor Technologies’ platform.
The deputy chancellor of DC Public Schools, Amy Maisterra, assured families that no Emergency Response Plans (ERPs) for their schools were stored in the Raptor platform, thus were not compromised. These incidents highlight the growing concern over cybersecurity in the education sector and the need for robust protection measures.
