Please enable JavaScript to experience the full functionality of GMX.

Schools and colleges at centre of pupil hacking alert
Daily tech news and industry insights with GMX

Schools and colleges at centre of pupil hacking alert

The UK’s data regulator has warned schools and colleges of a “worrying trend” of pupils hacking their own IT systems for fun or on dares.

Hacking alert
The UK’s data regulator has warned schools and colleges of a “worrying trend” of pupils hacking their own IT systems for fun or on dares

Information Commissioner’s Office officials also warn staff are failing to recognise the “insider threat” posed by students.

According to its latest figures, the majority of insider cyber-attacks and data breaches in education settings – those carried out by someone with access to internal systems – originate with children.

Heather Toomey, the ICO’s principal cyber specialist, was quoted by the BBC saying: “What starts out as a dare, a challenge, a bit of fun in a school setting can ultimately lead to children taking part in damaging attacks on organisations or critical infrastructure.”

The warning follows a series of high-profile cyber-attacks in which teenagers have been implicated, including incidents affecting Marks and Spencer and Jaguar Land Rover.

Since 2022, the ICO has investigated 215 hacks and breaches from within education institutions and found that 57 percent were carried out by students.

Other cases involved staff, third-party IT providers and organisations with internal access.

Nearly a third of breaches involved pupils illegally logging into staff computer systems, either by guessing passwords or stealing login details.

In one case, a seven-year-old was involved in a breach and referred to the National Crime Agency’s Cyber Choices programme to learn the seriousness of their actions.

The ICO did not provide details of the incident.

In another case, three Year 11 students aged 15 and 16 gained unlawful access to school databases holding the personal information of more than 1,400 pupils.

The teenagers used hacking tools downloaded from the Internet to crack passwords and bypass security protocols.

They later told investigators they were “interested in cyber security” and wanted to test their knowledge.

Another example cited by the ICO involved a student who logged into a college database using a teacher’s details to alter or delete information belonging to more than 9,000 staff, students and applicants.

Records included names, addresses, health information, safeguarding logs and emergency contacts.

The government’s most recent Cyber Security Breaches Survey reported that 44 percent of schools experienced a cyber-attack or data breach in the past year.

Officials have also linked youth hacking activity to English-speaking teen gangs.

Over the last 12 months, police in the UK and US have arrested teenagers accused of targeting companies including MGM Grand Casinos, Transport for London, Marks and Spencer and Co-op.

Sponsored Content

Related Headlines

Computer hackers struck at Jaguar Land Rover
Technology
Jaguar Land Rover confirms cyber-attack ‘severely disrupted’ vehicle production
Hacker
Technology
Group of young English-speaking hackers claim responsibility for Jaguar Land Rover cyber attack
Person at computer
Technology
UK traffic to adult sites falls sharply after age check introduction
Mikel Arteta
Sports
Mikel Arteta: Arsenal need trophies to be considered amongst the elite
Frank Warren
Sports
Frank Warren believes Anthony Joshua v Tyson Fury can still take place