An Andalusian Hacker Altered His Grades Through a Cyberattack
A shocking case of cybercrime has come to light in Seville, Spain, where a 21-year-old student was arrested for manipulating his school grades and those of several classmates through a sophisticated hacking attack on the educational platform Séneca.
The investigation, which began in March 2025 after an alert from San Juan Bosco High School in Jaén, led to the identification of the suspect as a young man with a troubled past. Police found his computer equipment and a handwritten notebook listing falsified grades during a search of his home, providing rare physical evidence that directly linked him to the compromised data.
The suspect allegedly used standard hacking techniques to penetrate Séneca and access the email accounts of thirteen professors working at six regional universities in Andalusia. He then altered not only his own grades but also those of certain classmates, blurring the tracks by hiding his manipulations among others.
This act was therefore not just personal gain but also an experiment within the system, highlighting the vulnerability of educational institutions to cyberattacks. The case underscores the weakness of educational systems against cyber intrusions, a concern that is growing globally.
A Growing Concern: Education as a Target for Cybercriminals
Education systems are becoming prime targets for cybercriminals, whether for financial gain or personal motives. The Seville case is not an isolated incident. Similar incidents have already affected the United States and other countries, with cases such as a Massachusetts student indicted for hacking PowerSchool, which serves over 60 million people.
In January 2025, a Massachusetts student was charged with hacking into PowerSchool, primarily to alter grades. The case prompted a swift response from the Department of Justice, reminding that digital academic forgery is a federal crime. Months earlier, in June 2024, Columbia University revealed a much larger cyberattack, where over 860,000 people had their data compromised.
These incidents converge on the same point: education is a vulnerable sector. Its IT systems, often decentralized and inconsistent, struggle to apply the same cybersecurity standards as more sensitive sectors like finance or healthcare. Beyond the individual case, trust in academic evaluation is at stake. If grades and diplomas lose credibility, the entire educational system weakens.
Consequences and Calls for Action
The Seville case strikes at a symbol: the university entrance exam, meant to reflect merit and fairness. Parents, students, and teachers are now questioning the integrity of academic records. University leaders fear that revelations of such breaches could damage the value of Andalusian diplomas on the international academic market.
Strengthening Protections
Cybersecurity experts stress the need to strengthen protections in education systems. Multi-factor authentication for teachers, regular audits of platforms like Séneca, and staff training to detect phishing attempts are seen as priority measures. When French schools also become targets, such as when a middle schooler in Castres spoofed his principal’s address or when La Salle in Nouvelle-Aquitaine had its transcripts encrypted by ransomware with an €8,000 ransom demand refused, it highlights the sector's fragility.
The hacker “st0jke” infiltrated several Parisian schools and sold their databases, while in 2023, the ENT Monlycée.net platform suffered a breach exposing the personal data of high schoolers in the Paris region. These incidents underscore the need for education institutions to take cybersecurity seriously.
In conclusion, the Seville case serves as a stark reminder of the vulnerability of educational systems to cyberattacks and the importance of strengthening protections to prevent similar incidents in the future.