The federal government warns K-12 schools are facing a growing threat from cyberhackers.
According to the FBI, those school districts often have limited cybersecurity protections, which makes them more vulnerable.
Experts said cyberattacks are affecting school districts of all sizes and types, with incidents popping up from coast to coast.
Now the FBI says it anticipates the number of threats to increase as the new school year ramps up.
In a recent warning, the FBI and some of the nation’s top security agencies say the ransomware group called Vice Society is disproportionately targeting K -12 schools.
“We have seen widespread credit abuse, identity theft, even tax fraud,” said Doug Levin, national director for K12 Security Information eXchange.
National nonprofit K12 Security Information eXchange, or K12 SIX has been tracking these kind of threats for years. So far, K12 SIX seen more than 1,300 publicly reported cyberattacks since 2016. During these incidents, Levin said your children’s personal information is most at risk.
In some cases, he explained students as young as first graders have had their identities stolen, and families didn’t know there was an issue until years later.
“They don’t know… until it is time for them to apply for a student loan or try to rent their first apartment, and they are rejected from those opportunities because their credit records have been abused and they had no idea,” said Levin.
The issue may be much more widespread. Levin believes there are likely 10 to 20 times more ransomware incidents at schools than we know about.
He said districts don’t always report cyberattacks because they often weren’t prepared ahead of time. Levin believes this must change.
“(Districts need to be) putting in place a regime that would require some sort of incident reporting both to the government and to other school districts so they can take the steps to protect themselves from the same sorts of incidents that a school may be facing,” said Levin.
He added that “parents and families and educators themselves need to know when they are personally at risk so they can take steps to protect themselves.”
Experts advise schools should also have a minimum standard for cybersecurity management along with resources and guidance to keep their systems safe.