Rising Cyber Threats in the Education Sector: Time to Act

Who should read this?

• Administrators from all types of educational institutions—whether traditional schools, universities, or online learning platforms—who are responsible for protecting student, faculty, and staff data, research details, and financial records.

What happened?

The education sector is the fifth most affected industry globally by cyber crime incidents (Forbes), with cyber attacks on academic institutions becoming more frequent and severe. In India alone, the education sector faced 8,195 attacks per week—more than double the global average of 3,355. In recent months, several major incidents have disrupted universities, K-12 school systems, and student information platforms, putting millions of records and sensitive data at risk.

For example, recently:

• A cyber attack on Eindhoven University of Technology in the Netherlands forced the university to shut down its network and suspend lectures, causing significant academic disruptions.
• Hackers claim to have stolen data from 62 million students in a breach of PowerSchool, a widely used student information system. The attackers reportedly gained access through compromised credentials, exposing personal and academic records.
• North Korean state-sponsored hacking group APT43 has been actively targeting academic institutions to steal research data and conduct cyber espionage.
• Weaponized PDFs containing Lumma InfoStealer malware are being used to extract sensitive credentials, financial data, and other personal information from faculty and students.
• Several U.S. school districts reported cyber security breaches, exposing sensitive student records, staff data, and administrative operations.
  

Additionally, a 2025 Forbes report emphasized the urgent need for cyber security training in educational institutions, as students and faculty remain primary targets for phishing, credential theft, and malware attacks.

Why does it happen?

1. Valuable data-Universities and schools maintain vast databases of student records, financial transactions, and confidential research. This makes them attractive targets for cyber criminals who seek to exploit this information for financial gain.
2. Weak cyber security measures-Despite the growing number of cyber attacks, many institutions still lack basic security defenses, such as setting stronger password policies, updating software, providing awareness training, and following proper data handling practices, making them easy targets.
   

What’s the risk?

• Disruption of learning and institutional operations-A cyber attack can halt classes, delay administrative processes, and create uncertainty for students and staff. If systems managing online learning, grading, payroll, or enrollment are compromised, institutions may struggle to maintain continuity, leading to widespread frustration, academic delays, and operational chaos.
• Reputational damage-Cyber attacks can damage an institution’s credibility and reputation, making students, parents, and faculty question its ability to protect sensitive information. If data breaches or system disruptions become frequent, institutions may struggle to attract new students, secure research funding, or maintain partnerships with external organizations.
  

How can academic institutions defend against these attacks?

1. Consider creating an incident response plan-Every educational institution, whether it’s a school, college, or online platform, should have a clear plan for responding to cyber attacks. This plan should include immediate steps to contain the attack, protect data, and communicate with stakeholders (students, parents, faculty, etc.) about the breach.
2. Use stronger login security-Ensure that important systems—like student databases, learning platforms, and research tools—use Multi-Factor Authentication (MFA). This adds an extra layer of security, making it harder for attackers to gain access even if they steal passwords.
3. Update software periodically-Keep all software, from learning management systems to administrative tools, up to date. Software updates often contain patches for security vulnerabilities, so periodic updates help prevent cyber criminals from exploiting outdated systems.
4. Check third-party security-Educational institutions often rely on third-party services for services like learning platforms, email, and administrative software. It’s important to periodically assess whether these third-party providers follow strong security practices and ensure they only have access to the data they need.
5. Encourage security awareness-Security isn’t just about technology—it’s also about people. Encourage everyone in the institution to be aware of potential security threats. This includes periodic reminders about phishing, the dangers of weak passwords, and the importance of reporting suspicious activity.
6. Limit data access – Not everyone needs access to all the data. By limiting access to student, faculty, and staff data based on specific roles, the risk of a breach due to accidental exposure or malicious intent can be reduced.
7. Secure all types of communication-Protect all communication channels—email, phone calls, and messaging systems. Cyber criminals can target any way information is exchanged, so securing all communication forms helps ensure data stays protected.

References

1. Cyberattack forces Dutch university to cancel lectures | The Record from Recorded Future News
2. PowerSchool hacker claims they stole data of 62 million students
3. APT43 Hackers Attacking Academic Institutions With Exposed Credentials
4. Weaponized PDF Documents Deliver Lumma InfoStealer Attacking Educational Institutions
5. Protecting-our-future-why-cybersecurity-training-is-essential-for-students/