Dive Brief:
- Ransomware attacks surged 69% in the global education sector for the first quarter of 2025 compared to the same period last year.
- Some 81 ransomware incidents — both confirmed and unconfirmed — hit education internationally in the first three months of the year, compared to 48 attacks in Q1 of 2024, according to an analysis released Thursday by Comparitech, a cybersecurity and online privacy product review website.
- Within the education sector, ransoms averaged $608,000 among confirmed attacks, Comparitech found. The largest ransom hackers demanded was $1.5 million from Asia University in Taiwan.
Dive Insight:
Across the education, government, healthcare and business sectors, Comparitech recorded 2,190 ransomware attacks globally in Q1 of 2025— a jump of more than 1,000 incidents year over year. Just 197 of those 2,190 attacks have been confirmed by Comparitech so far. Comparitech researchers noted in their analysis that it often takes months after an incident to confirm a ransomware attack.
Of the Q1 2025 ransomware attacks on education, 22 were confirmed through a data breach notification or company press release, and 59 were unconfirmed.
Comparitech’s latest findings follow a March report by the nonprofit Center for Internet Security that noted a startling 82% of K-12 schools in the U.S. experienced a cyber incident between July 2023 and December 2024.
Schools have been increasingly targeted by ransomware attacks, which district leaders and researchers note can lead to financial damage and operational disruptions.
More recently, cyberattacks against vendors and ed tech companies have exposed sensitive student and staff data at partnering schools.
For instance, Thursday’s Comparitech report flagged that a cyberattack on file transfer software known as Cleo led to a third party gaining unauthorized access to 700,000 students’ data at Chicago Public Schools late last year.
The district acknowledged the data breach in a March 7 statement, adding that some of the compromised information of current and former students included their names, dates of birth, genders, CPS student ID numbers and Medicaid ID numbers. The breach impacts students dating back to the 2017-18 school year, according to the district.
Meanwhile, scrutiny and investigations have escalated against ed tech provider PowerSchool since it first disclosed in January that a breach had compromised student and teacher data including names, contact information, medical information and Social Security numbers. The cloud software provider serves over 60 million students and 18,000 education customers.
As schools continue to face higher risks of cyberattacks and data breaches, the Center for Internet Security has advised that K-12 schools prioritize cybersecurity by fostering a school culture where staff and faculty take proactive cyber defense measures. That’s especially important as cybercriminals increasingly focus on attacking the human element of networks through phishing and social engineering tactics, CIS warned in March.
