2020 was a ‘record-breaking’ year in US school hacks, security failures

New research suggests “cybersecurity risks are now neither hypothetical, nor trivial.”
Written by Charlie Osborne, Contributing Writer

A new analysis on the state of cybersecurity in K-12 schools across the US has revealed a record-breaking number of security incidents in 2020. 

On Wednesday, during the K-12 Cybersecurity Leadership Symposium, the research, titled "The State of K-12 Cybersecurity: 2020 Year in Review," was released. 

The 25-page report is the result of work between the K12 Security Information Exchange, led by Doug Levin as National Director, and the K-12 Cybersecurity Resource Center. 

The independent research focuses on the infrastructure supporting primary and secondary-level education in the United States. 

Last year, students and teachers worldwide were forced to abandon the classroom and shift to remote learning platforms without warning. This disruption continues, and while the report acknowledges the "heroic" efforts of IT staff, the analysis also says that "school district responses to the COVID-19 pandemic also revealed significant gaps and critical failures in the resiliency and security of the K-12 educational technology ecosystem."

"Indeed, the 2020 calendar year saw a record-breaking number of publicly-disclosed school cyber incidents," the report says. "Moreover, many of these incidents were significant: resulting in school closures, millions of dollars of stolen taxpayer dollars, and student data breaches directly linked to identity theft and credit fraud."

The K-12 Cyber Incident Map, as shown below, cataloged 408 school incidents across the year that have been publicly disclosed. These include student and staff data breaches, ransomware outbreaks, phishing and social engineering, denial-of-service (DoS) attacks, and more. 


K-12 incident rates have increased by 18% year-over-year. The most common cybersecurity incident was a form of data breach, followed by DoS and ransomware. In many data breach cases, sensitive information belonging to staff and students were compromised. 

"Other" incidents include website defacement, unauthorized email account access, and remote class invasions -- also known as Zoombombing. 


Incidents increased the most during summer and fall, most likely due to the increased reliance by schools on technology to keep lessons on track. The research also notes that as school staff became remote employees, device and account privileges may have increased, creating a larger attack surface for threat actors. 

"School districts should revisit their contingency plans for continuity of operations during emergencies, with a focus on IT systems used in teaching and learning and district operations," the report notes. "While no one can predict whether another global pandemic will close schools to in-person learning, important lessons can and should be drawn from this experience to ensure that if such an event (or something like it) occurs again in the future, districts are better prepared."

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Editorial standards