EdTech Firms Under Fire: Cyberattacks on Schools Surge

Cybercriminals have set their sights on the education sector, launching a wave of attacks that threaten student privacy and disrupt learning. Groups like ShinyHunters and FulcrumSec are increasingly targeting EdTech platforms, exposing sensitive data and holding critical systems hostage for financial gain.

A growing threat to student data

Recent campaigns by ShinyHunters underscore the vulnerability of widely used EdTech systems. In March, the group breached the Salesforce-backed Infinite Campus platform, stealing personal details from over 137,000 school staff accounts. The attack targeted a system serving 11 million students across 46 states, highlighting how a single breach can ripple through entire districts. Meanwhile, FulcrumSec’s ransomware strike on Singapore’s Global Schools Foundation in June disrupted operations across multiple countries, leaving schools unable to access essential services.

Why EdTech is in the crosshairs

The surge in attacks reflects both the sector’s expanding digital footprint and the lucrative value of education data. Student records, staff credentials, and institutional systems are prized by cybercriminals for resale or extortion. Resecurity warns that as EdTech platforms integrate deeper into education infrastructure, they become prime targets for increasingly sophisticated tactics, from data theft to service disruption.

Mitigating the risk

For institutions, the stakes are high: compromised systems can delay learning, erode trust, and incur significant recovery costs. Experts recommend prioritizing robust security measures, including multi-factor authentication, regular audits, and rapid incident response plans. With cyber threats evolving, the education sector must act swiftly to safeguard its digital future.

---

Source: Security Affairs. AI-assisted editorial synthesis — TechnoExpress.