Dark web found to be littered with children’s data

Ransomware attacks which expose personal information are not only leaking the data of professionals and bank account holders, but also of children.  

In a report by NBC News in which they collected and analysed school files from underground hacking sites, the pages were found to hold personal information of thousands of children.  

The school files stolen by ransomware gangs included varying amounts of data. Often present were Social Security numbers or birthdays, which represent permanent indicators of somebody and when stolen can potentially risk setting the victims up for a lifetime of possible identity theft. 

Other data available on the schoolchildren sometimes included medical conditions and family financial statuses.  

In one instance, a school in Texas had their records hacked and after they did not pay the ransom, the files were posted online. One of these files was an Excel spreadsheet which held records on approximately 16,000 students. The spreadsheet not only listed each child’s name, gender, race, date of birth and Social Security number, but also whether they are an immigrant, marked as economically disadvantaged and even if they potentially have dyslexia. 

Why are schools targeted?  

In 2021, more than 1,200 American K-12 schools (until students are 18) had their data published by ransomware gangs, according to a ransomware analyst at cybersecurity company Emisoft (figure given to NBC). 

The issue with schools is they have a lack of both protection and knowhow in how to handle such attacks, according to Doug Levin, director of non-profit organisation K12 Security Information Exchange, who work to help keep schools protected against cyberthreats. 

“I think it’s pretty clear right now they’re not paying enough attention to how to ensure that data is secure, and I think everyone is at wits’ end about what to do when it’s exposed,” Levin said. “And I don’t think people have a good handle on how large that exposure is.” 

Schools have been a regular target for over a decade, and their data is usually bundled together and sold to identity thieves. 

The problem is also often worsened by the naivety of many schools who simply don’t know everything that is stored on their network and may not therefore know the extent of what the hackers have taken. 

Despite the sensitivity of the data stored on their children, schools don’t have the money, according to Levin, to pay for dedicated cybersecurity experts or solutions.  

UK perspective 

The NCSC (National Crime Cyber Security Centre) has highlighted and raised concerns of increasing ransomware attacks on the UK education sector since August 2020.  

They emphasise the importance that “senior leaders understand the nature of the threat and the potential for ransomware to cause considerable damage to their institutions in terms of lost data and access to critical services.” 

They say that recent incidents involving ransomware have led to the loss of student coursework, school financial records and also data relating to COVID-19 testing. 

Fighting back 

The NCSC has detailed guidance both on how to prevent and recover from ransomware attacks, which can be found on their website. Some of the most important are: 

• Effective vulnerability management and patching procedures 
• Secure RDP services with multi-factor authentication 
• Antivirus software 
• Mechanisms to prevent phishing attacks. 
• Up-to-date offline backups  

Securiwiser can provide a vulnerability check-up for your institution. More information can be found here.