Ransomware Attacks Exposed 6.7 Million Records in US Schools

News

Written by

Photo of Alessandro Mascellino

Alessandro Mascellino

Freelance Journalist

Ransomware attacks on US schools and colleges have surged in recent years, with 491 incidents recorded since 2018, impacting over 8000 educational institutions and exposing 6.7 million individual records.

According to a new report by Comparitech, estimated costs exceed $2.5b in downtime alone as schools struggle to restore systems, recover data and strengthen cybersecurity measures.

In 2023, the number of attacks reached a record high of 121, marking a significant increase from the 71 attacks reported in 2022. 

The average downtime per attack has also grown, rising from just under nine days in 2021 to 12.6 days in 2023. The financial impact is severe, with downtime costing schools an average of $550,000 daily.

Key Findings of the Report

  • 491 ransomware attacks from 2018 to July 2024

  • Over 6.7 million records breached

  • Estimated total cost of downtime: $2.54b

  • The average ransom demand: $1.4m

  • The average ransom payment: $169,000

The report also highlighted that ransomware demands can vary significantly, ranging from $5000 to $40m.

Some of the most notable cases include hackers targeting Broward County Public Schools in 2021 with a $40 million demand, while Michigan State University faced a $6 million ransom in 2020. However, many schools refuse to pay, citing concerns that meeting demands could incentivize further attacks.

The most affected US states included: 

  • California: 43 attacks

  • New York: 42 attacks

  • Washington and Ohio: Most records breached, with over 800,000 records compromised in each state

Read more on the rising threat of ransomware in the education sector: Education Sector Has Highest Share of Ransomware Victims

As of 2024, ransomware attacks on US educational institutions have shown signs of declining, with only a handful of incidents reported in the first half of the year. However, experts caution that the impact of attacks often emerges later, suggesting the current figures may not fully capture the ongoing threat.

“With the threat of ransomware attacks across the US and worldwide remaining high across all industries, it’s never been more important to ensure employees are clued up, systems are updated and frequent backups are being carried out,” Comparitech concluded.

You may also like

  1. Ransomware May Have Cost US Schools Over $6bn in 2020

    News

  2. Data Breaches in US Schools Exposed 37.6M Records

    News

  3. Securing the Human to be Mightier than the Computer

    Magazine Feature

  4. Exploitation Accounts For 29% of Education Sector Attacks

    News

  5. Vice Society Ransomware Campaigns Continue to Impact US Education Sector

    News

What’s hot on Infosecurity Magazine?