Why schools remain one of cybercriminals’ favourite targets

Schools on both sides of the Atlantic have been revealed in recent days to have been hit by hackers, reminding all of us that ransomware gangs see educational instituions as targets all year round.

Evanston Township High School (ETHS), located approximately 14 miles north of Chicago, says it was hit by a ransomware attack on Sunday, June 7 2026.

The school closed its campus entirely on Monday and Tuesday, cancelling summer school classes, sports camps, and all other on-campus activities.

According to an advisory published by the school, the attack knocked out not only ETHS’s computer systems, internet services, and phone lines – but also what it described as “critical systems needed to safely operate the building”, including door access controls, and public address systems.

It was these safety systems going offline that forced the closure, according to the high school:

“Without these systems fully operational, we cannot safely run school, sports camps, or other on-campus activities.”

The school district says it has notified the FBI, locked down all staff accounts as a precaution, and called upon the services of external cybersecurity experts in its attempt to rebuild its systems safely.

Employees have been told not to touch their PCs until cleared by IT, and to not reuse old passwords. Among the systems taken offline is Home Access Center, a student portal powered by PowerSchool.

If that name is familiar to you, it may because you remember that PowerSchool suffered a serious cybersecurity breach in 2024, which saw the records of tens of millions of students and teachers exposed. The current incident at ETHS is not believed to be linked to the 2024 PowerSchool breach.

No ransomware group has claimed responsibility for the attack against ETHS, and it is not known if any personal data has been exfiltrated by cybercriminals. The school is, however, expecting to reopen on Wednesday June 10, once emergency systems are properly restored.

Just says before the attack in the United States, Powys County Council in Wales disclosed that 13 of its own schools had suffered at the hands of hackers.

The attack, which was first identified in April but was not made public for another two months, has not resulted in the closure of any schools, but it has been confirmed that the personal data of pupils and staff at at least one school was accessed.

Citing the “sensitive nature” of the exposed data, Powys County Council has declined to name the affected academic establishments. Instead, it says it is “contacting affected individuals directly where necessary and providing advice on steps they can take to protect themselves.”

The sad truth is that schools are attractive targets to cybercriminals. They store sensitive data about children, and run on tight budgets with limited resources when it comes to cybersecurity defence.

And, as is demonstrated by the closure of ETHS, schools often rely upon networked systems for everything from the platforms used to teach pupils to providing physical access controls.

Meanwhile, schools don’t just face serious threats from organised criminal gangs but also from within their own walls. The UK’s Information Commissioner’s Office warned last year that schools face a considerable threat from their own pupils unlawfully accessing computer systems with malicious intent.

The education sector knows it is a soft target for cybercriminals, which makes it all the more important that it is given the funds and expertise to properly defend itself.