By

    The Tech Trident Staff

    ·

    Tags:

    , , , ,

    Watchdog Warns of Rising Trend in Students Hacking School Systems

    The UK’s data regulator has raised concerns about a surge in children breaching their own schools’ IT systems, often treating it as a prank or dare. The Information Commissioner’s Office (ICO) described the issue as a growing “insider threat” within education.

    According to the ICO, most cyber incidents in schools and colleges that originate from within are linked to pupils. Since 2022, the regulator has investigated 215 internal breaches in education, with 57% carried out by children.

    Heather Toomey, Principal Cyber Specialist at the ICO, cautioned that what may start as “a bit of fun” can escalate into serious cyberattacks with damaging consequences.

    Examples of Student Hacks

    The regulator highlighted several cases to illustrate the risks.

    • In one incident, a seven-year-old was involved in a breach and referred to the National Crime Agency’s Cyber Choices programme.
    • Three Year 11 students, aged 15 and 16, hacked into school databases containing the personal records of over 1,400 pupils by using tools downloaded online to crack passwords. They later claimed they were experimenting out of curiosity about cyber security.
    • In another case, a student illegally accessed a college’s databases using a teacher’s credentials, altering or deleting information belonging to more than 9,000 staff, students, and applicants. The compromised data included personal details, health records, safeguarding notes, and emergency contacts.

    The ICO’s figures show that nearly a third of breaches involved students accessing staff systems by guessing or stealing login details. Other cases were linked to staff members, third-party suppliers, or organisations with access to education systems.

    Wider Concerns

    The warning comes at a time when young hackers are increasingly implicated in large-scale cyberattacks beyond education. Over the past year, English-speaking teenage groups have been connected to breaches targeting companies such as MGM Grand Casinos, Jaguar Land Rover, Marks & Spencer, Transport for London, and the Co-op.

    Government research also reflects the rising threat: 44% of UK schools reported a cyberattack or breach in the past year, according to the most recent Cyber Security Breaches Survey.