UK's Data Watchdog Warns Students Are Breaching Their Schools' IT Systems

The UK's data-protecting Information Commissioner's Office has issued a warning about a worrying trend: students hacking into their school and college IT systems for fun or as part of dares. Since 2022, the ICO has investigated 215 hacks and breaches originating from inside education settings, with a staggering 57% carried out by children.

The new data reveals that almost a third of the breaches involved students illegally logging into staff computer systems by guessing passwords or stealing details from teachers. In one incident, a seven-year-old was involved in a data breach and subsequently referred to the National Crime Agency's Cyber Choices programme to help them understand the seriousness of their actions.

In another incident, three Year 11 students aged 15 or 16 unlawfully accessed school databases containing the personal information of more than 1,400 students. The pupils used hacking tools downloaded from the internet to break passwords and security protocols. When questioned, they said they were interested in cyber security and wanted to test their skills and knowledge.

Another example given by the ICO is of a student illegally logging into their college's databases with a teacher's details to change or delete personal information belonging to more than 9,000 staff, students, and applicants. The system stored personal information such as name, home address, school records, health data, safeguarding, and pastoral logs, and emergency contacts.

Schools are facing an increasing number of cyber attacks, with 44% of schools reporting an attack or breach in the last year, according to the government's most recent Cyber Security Breaches Survey. The ICO's principal cyber specialist tells the BBC that "What starts out as a dare, a challenge, a bit of fun in a school setting can ultimately lead to children taking part in damaging attacks on organisations or critical infrastructure."

The trend highlights a growing concern about youth cyber crime culture, with some experts suggesting it is linked to English-speaking teen gangs. Breaches at major companies have also been cited as an example of how this "gateway" crime can escalate.

As the education sector continues to grapple with these issues, parents and schools must take a proactive approach to educating children about online safety and the potential consequences of their actions. The ICO's warning serves as a timely reminder that hacking into school systems is not only illegal but also poses serious risks to individuals and organisations.

With the rise of cybercrime among young people, it is essential that schools and parents work together to prevent these types of incidents from occurring. By promoting digital literacy and online safety education, we can empower children with the skills they need to navigate the online world responsibly and safely.

The Consequences of Cyber Crime

Those found guilty of hacking into school systems or other organisations face serious consequences, including fines, imprisonment, and a permanent criminal record. The ICO's principal cyber specialist notes that "the law is clear: hacking into someone else's computer system without permission is a crime."

The impact of cybercrime goes beyond the individual perpetrators, affecting businesses, schools, and communities. The financial cost of cybercrime can be significant, with some estimates suggesting that the global average cost of a data breach is over $3 million.