The Hechinger Report is a national nonprofit newsroom that reports on one topic: education. Sign up for our weekly newsletters to get stories like this delivered directly to your inbox.

Sometimes Superintendent Steve Bradshaw has to close the schools in Columbia Falls, Montana because of snow. But he never thought he’d have to call off school because of an attack by the Dark Overlords. Then, in September 2017, students and staff across the district started receiving threatening text messages and emails.

“It was frightening,” he says. “They were saying that they wanted $150,000 worth of bitcoins.”

The Dark Overlords are a faceless group of hackers, most well known for hacking and trying to extort Netflix. They hadn’t attacked a school before.

Like big businesses, schools gather a lot of data. Unlike big businesses, they don’t have many IT and security resources to protect that information. Schools collect names and birth dates, social security numbers, discipline records and health records. With this data, thieves can create fake online identities, or sell the students’ information and identities.

Tara García Mathewson covers innovation and technology in education for The Hechinger Report. She says schools face a lot of cyberthreats.

“This is something that the education industry has been late to the table to,” she says.  “Schools are collecting more data now than they used to, and hackers are turning to schools as sources of data that’s worth stealing.”

EdTech Strategies, a cybersecurity consultancy that tracks incidents of cyberattacks at public K-12 schools, has recorded more than 320 attacks on schools since January 2016.

“Some K-12 districts are reporting probes from hackers and attempted attacks every few seconds, every single day,” García Mathewson says.

With the help of local police and the FBI, the Columbia Falls School District was able to regain control of its servers, and the Dark Overlords backed off from releasing the information they stole after they were paid $5,000. The school district didn’t pay the ransom, and it’s not clear who did.

Today, Columbia Falls has done what it can to improve cybersecurity, but Superintendent Steve Bradshaw still worries it’s not enough.

“We have created what we think is about as safe as we can afford to do,” he says. “I think any district in the country, in all honesty, could get hacked. These guys are so good at what they do. We think we’re one step ahead of them, but I don’t think we are.”

On this episode of the podcast, we’re talking about cyberthreats at schools, and the struggle to keep student data safe.

The Hechinger Report provides in-depth, fact-based, unbiased reporting on education that is free to all readers. But that doesn't mean it's free to produce. Our work keeps educators and the public informed about pressing issues at schools and on campuses throughout the country. We tell the whole story, even when the details are inconvenient. Help us keep doing that.

Join us today.

Letters to the Editor

At The Hechinger Report, we publish thoughtful letters from readers that contribute to the ongoing discussion about the education topics we cover. Please read our guidelines for more information. We will not consider letters that do not contain a full name and valid email address. You may submit news tips or ideas here without a full name, but not letters.

By submitting your name, you grant us permission to publish it with your letter. We will never publish your email address. You must fill out all fields to submit a letter.

Your email address will not be published. Required fields are marked *