ORLANDO, Fla. — Overseas hackers are preying on your children’s most sensitive information!
Several Central Florida school districts say they are continuously beefing up security in order to keep your student’s information out of the hands of cyber criminals!
9 Investigates uncovered several breaches into school district networks across the country and state, including some in Central Florida.
“Everybody should be concerned. Educators, parents, students, teachers. This is definitely growing to crisis levels. And we see no indication that it’s likely to stop anytime soon,” said Doug Levin, founder of K12Six.
Since 2016, Levin’s organization has tracked cyber-attacks on schools across the country. K12Six shared exclusive recent data to 9 Investigates showing 47 “events” hitting Florida school districts between 2016 and now.
This map shows cyber events from 2016 to 2022.
Authorities say they are on alert as the cyber threat against American schools’ skyrockets.
Just in January, 946 US schools fell victim to cyber-attacks, according to cybersecurity company Emsisoft. During all of 2024, there was just a fraction of that-- 83 schools.
These are just the attacks that were reported. Experts say attacks often are underreported.
9 Investigates found of the attacks reported, some of the known hackers were based in the U.S., but several tie back to international hacking groups overseas.
“Largely the most destructive types of incidents are coming from malicious hacking groups, organized criminals largely based overseas, largely based in Russian speaking countries who have made it their business to target U.S. school systems,” Levin said.
“So Russian hackers are going after our children’s information?” Webb reiterated.
“It’s really difficult to grapple with and I think, you know, for school system IT leaders, the notion that they would need to be defending their school networks against essentially professional criminals based overseas is really a very heavy ask,” Levin said.
Cyber criminals didn’t spare Central Florida schools of breaches and attempted hacks, according to K12Six’s cyber attack map.
In 2019, Marion County warned information from more than 37,000 students could have been compromised in a data breach.
The next year, Brevard County alerted parents that cyber criminals could have stolen personal information of about 10,000 students and faculty, but officials now believe it was a scare. There was no evidence that information was compromised.
And in 2023, Flagler County Schools lost more than $700,000 from a phishing scam.
Sumter County Superintendent Logan Brown recalls learning about the district’s cyber-attack in 2020. He was a teacher in the district then.
Court records show a Russian citizen hacked Sumter’s network in 2018.
Hackers stole banking information and created fraudulent credit cards under fake names of school officials. The criminals scammed the district out of more than $200,000.
The feds prosecuted the case and sentenced three Americans who were accomplices to the Russian hacker to more than a year in federal prison.
Emsisoft threat intelligence analyst Luke Connolly says that’s exactly what scammers are after.
“They’re looking for money. They want to identify a victim who has some information that’s going to be of value to them and that’s going to result in them getting paid,” Connolly said.
But how else to get money out of parents then to threaten to release the most sensitive information on your child! It’s just one scheme experts are seeing.
“They’re looking for information that’s compromising or embarrassing or potentially dangerous to be released to the public,” Connolly said.
When you think of records schools store, you might think of grades and class schedules.
But they also have social security numbers, medical records, discipline records, and police reports if the child has been in trouble with law enforcement.
Connolly and Levin say these hackers know that schools are under-funded and under-resourced, especially in the realm of cybersecurity.
“Every dollar that’s going to cybersecurity protections is not going into the classroom and not helping kids learn what they need to for their future. So, it’s a very tough juggling act for schools, which is why, you know, more resources are needed,” Levin said.
“It’s unfortunate that kids in today’s day and age have become targets,” Brown said.
Brown says Sumter County significantly upgraded their system after the cyberattack.
They now require cyber awareness training for students and password changes every 60 days for those with school emails. They also send out district-simulated phishing attacks to identify staff who could be potentially click on phishing links from hackers.
“As the bad guys continue to expand and ramp up their attacks, I promise you that we’re going to continue to grow our defense on those attacks and do what’s best for kids every single day,” Brown said.
Cyber experts say one of the big defenses against these breaches is educating staff and students about what hackers are after and how they can try to trick you into falling for their schemes.
Sumter along with other counties I spoke to say they try to keep their records off systems that need internet to eliminate the risk of records getting into hackers’ hands.
So how can parents protect their child’s information?
The biggest thing is to freeze your child’s credit score.
Social security numbers and other key information is floating around because there are so many breaches happening--whether it be at a school, doctors office or bank.
So, it’s just best practice to have that credit frozen, not just for your child, but for you too!
Experts also recommend making sure your child’s school does its due diligence to keep your child’s information safe. Don’t be afraid to ask questions on how they store the information.
Click here to download our free news, weather and smart TV apps. And click here to stream Channel 9 Eyewitness News live.
©2025 Cox Media Group
