Schools have faced A cyber attack attack Since the epidemic disrupted nationwide education five years ago, the district leaders across the country have employed a comprehensive pattern of failure that leaves the real victims in the dark, an investigation by 74 shows.
An in-depth analysis in more than 300 school cyber attacks in the last five years suggests that school leaders in almost every state repeatedly provided incorrect assurance to students, parents and employees about the safety of their sensitive information. . At the same time, advisors and lawyers do “privileged investigation” that hide the major details from the public.
In more than two dozen cases, teachers were forced to leave the months behind – and in some cases in more than a year – after telling your communities that sensitive information, including part, special education housing, mental Health challenges and students sexual misconduct were reported, not exposed. While many school officials offered a clear story, others refused to accept basic details about cyber attacks and their impacts on individuals, even though hackers made the student and teacher information public.
There is no coincidence in the message of schools.
This is because the first people to be cautious after a school cyber attack are usually neither the people nor the police. District event response plans give insurance companies and their Falances the first place of privacy lawyers. They take feedback, in which the victim's parents or employees focus on limiting the risk of schools for cases.
Lawyers, often employed by only a handful of law firms Breach mills The professor of a law discussed the attorney-client privilege to forensic cyber analysts, crisis communicators, and ransom negotiaters on behalf of his large-scale Cassalids-Schools. Data privacy compliance Is One development industry For these special lawyers, who work to control the story.
Results: Students, Family, and District Employees whose personal data were published online – from their financial and medical information to painful events in the lives of young people – theft, fraud, and other forms of their risks and risks Is clearly abandoned about. Exploitation. Soon he said, he could take steps to save themselves.
Similarly, the public is often unaware when school officials agree silently in closed door meetings to repay the ransom demands of cybergangs to recover their files and unlock their computer systems. Research shows that Increase in events In the minimum part of the will of the insurers to pay, the fuel is given. Hackers are themselves Stated When a target is cyber insurance, ransom payments are “all but guarantee”.
In 2023, there were 121 ransomware attacks on US K -12 schools and colleges, according to this CompareA consumer-centric cyber security website whose researchers admitted that this number is an undercount. An analysis by Cyber โโSecurity Company malwarebights In 2023, 265 ransomware attacks against the education sector globally reported-70 percent year-on-year increase, this is “the worst ransomware year on record for education”.
Professor Daniel Schwarkz of a university in Minnesota wrote 2023 report for Harvard Journal of Law and Technology Criticizing privacy and double -speed that the cyber attack of lawyers as a school cyber attack is often called a breech coach – on the spot.
“There is a good line among the misleading and, you know, technically accurate,” Schwarkz told 74. “Breach coaches that try to do that line is correct – and sometimes they cross it.”
When violations are uninterrupted
In the decision of the rear scenes, the 74 inquiry which determines what, when, when, and how the cyber attack shows that more than two dozen districts and school spending data from public record requests The medium is based on thousands of documents that link to the law firms. , The ransomware negotiator, and other advisors hired district reactions to run. It also includes analysis of millions of stolen school district records uploaded on cybergangs' leakage sites.
Some of the most sensitive information of students remain indefinitely on the dark web, a hidden part of the Internet that is often used for anonymous communication and illegal activities. Other personal data can be found online with slightly more than Google Search – even schools districts deny that their records were stolen and cyberthwes claim about their latest scores.