The UK’s privacy watchdog has issued a warning that children are becoming the reasons behind cyber incidents in schools. The Information Commissioner’s Office analysed 215 insider breaches in the education sector between January 2022 and August 2024 and found that 57% were caused by students.
In almost every case where stolen login details were used, students were responsible. The ICO said 97% of these incidents were traced back to pupils, showing that many were not breaking in but logging in. Weak passwords written on scraps of paper or staff devices left unattended gave them easy entry points.
The National Crime Agency has reported that 1 in 5 children aged 10 to 16 has engaged in illegal online activity. Last year the agency even referred a 7 year old to its Cyber Choices programme, which tries to steer young people toward legal tech skills.
Why Are Students Hacking Their Schools?
The ICO said children were often motivated by dares, a desire for notoriety, or rivalry with other students. In some cases, money was also involved. Around 5% of 14 year old boys and girls admitted to hacking, with most teen hackers being English-speaking males.
Real incidents show just how far this behaviour can go… 3 students in Year 11 broke into a school’s information management system holding records of 1,400 pupils. They admitted using free tools from the internet to crack passwords and belonged to an online hackers’ forum.
In another case, a college reported that a student accessed the personal details of more than 9,000 staff, students, and applicants. The data included addresses, health records, and emergency contacts. The student used a stolen staff login to make changes and even delete information. Police and the ICO were informed.
How Are Schools Making The Problem Worse?
The ICO’s analysis mentioned that weak security practices were often a contributor to these incidents. About 23% of the breaches were linked to poor data protection, such as staff using personal devices or leaving laptops unattended. In 20% of cases staff sent data to personal accounts, while 17% came from misconfigured systems like SharePoint.
Only 5% of insider incidents involved advanced technical methods. This shows that most breaches could have been prevented with basic safeguards.
More from News
- 66% Of Parents Support Social Media Limits For Kids, Survey Finds
- UAE Leads the Charge In Transformation Readiness, Study Shows
- What Does The EU Data Act Mean For Users And Businesses?
- UK Government Signs £400 Million Deal With Google Cloud, Here’s Why
- Meet The Man Who Surpassed Elon Musk As The Richest Man In The World For A Day
- What Are The Effects Of The UK Cybersecurity Skills Shortage?
- Will The eCommerce Industry Reach A $13 Trillion Valuation By 2030?
- Does Reddit Have A New Direct Competitor?
The ICO has urged schools to take greater responsibility…
It said regular training on GDPR and better controls on who can access data are needed to remove temptation from students. The National Cyber Security Centre also has advice tailored to schools.
The National Education Union has said most schools in the UK face budget cuts. Many are struggling to cover daily running costs and may not be able to afford new cyber security measures.
What Can Parents Do To Help?
The ICO is also turning to parents, asking them to have open conversations with their children about online behaviour. What may seem like a prank to a child can turn into criminal activity.
The NCA has warned through its Cyber Choices programme that even small actions count as offences. For example, a child logging into a friend’s gaming account to buy credits without permission is still committing fraud. Another case involves a child remembering a classmate’s password and later using it to read private messages.
Parents are encouraged to direct their children toward legal coding and cyber security skills. Resources are available to help families understand how curiosity about technology can be channelled into careers rather than crime.
Heather Toomey, Principal Cyber Specialist, said:
“Whilst education settings are experiencing large numbers of cyber attacks, there is still growing evidence that ‘insider threat’ is poorly understood, largely unremedied and can lead to future risk of harm and criminality.
“What starts out as a dare, a challenge, a bit of fun in a school setting can ultimately lead to children taking part in damaging attacks on organisations or critical infrastructure.
“It’s important that we understand the next generation’s interests and motivations in the online world to ensure children remain on the right side of the law and progress into rewarding careers in a sector in constant need of specialists.”
