Edtech gets schooled by third-party cyberthreats

<p>In the education sector, cybersecurity controls and third-party risk management get put to the test — and frequently don’t get a passing grade.</p>
<p>Academic organizations might not seem like prime targets for cyberattacks, but these data-rich — and security-insufficient — schools, colleges and universities are often just what nefarious actors have in their sights.</p>
<p>In fact, cybersecurity services provider Quorum Cyber documented a 63% year-over-year increase in cyberactivity at higher-ed institutions from 2024 to 2025, and Clever, a K-12 identity platform vendor, found that 52% of U.S. school districts experienced a cybersecurity event in 2025, up 36% from the previous year. Further, threat exposure management platform vendor NordStellar reported that 2.4% of all ransomware attacks in the first half of 2026 targeted the education sector.</p>
<p>A growing trend among attacks on educational organizations is third-party breaches. In late April and early May, edtech company Instructure <a href=”https://www.techtarget.com/searchsecurity/news/366642963/Instructure-cyberattack-reignites-ransom-payment-debate”>confirmed a cyberattack</a> on its Canvas learning management platform. Threat group ShinyHunters claimed responsibility, stating it had stolen 3.65 TB of data, including information about 275 million users across nearly 9,000 schools.</p>
<p>In June, ShinyHunters <a target=”_blank” href=”https://www.highereddive.com/news/colleges-hit-in-cyberattack-by-group-behind-canvas-breach-google-says/822831/” rel=”noopener”>took credit for</a> another higher-ed attack, reporting that it exploited the Oracle PeopleSoft suite, which offers campus applications aimed to help higher-ed manage student records, admissions and financial aid.</p>
<p>The risks and challenges for edtech and academic institutions don’t stop there. In this Reporter’s Notebook video, Dark Reading features writer Arielle Waldman, Cybersecurity Dive senior reporter Eric Geller and TechTarget SearchSecurity executive editor Sharon Shea dive into the reality of edtech cybersecurity, including recent attacks, reasons why the sector is such a prime target and more.</p>
<p><em>Sharon Shea is executive editor of TechTarget Security.</em></p>
<transcript>
<p><b>Editor’s note:</b> <i>This transcript has been edited for clarity and length by Informa TechTarget’s internal AI assistant.</i></p>
<p><b>Dark Reading’s Arielle Waldman:</b> Hi, everyone, welcome to another edition of the Reporters’ Notebook. Today we’re going to be discussing the education sector and all the issues that they’ve been facing. My name is Arielle Waldman and I’m a features writer for Dark Reading. I have Sharon Shea and Eric Geller with me. Would you like to introduce yourselves?</p>
<p><b>Cybersecurity Dive’s Eric Geller:</b> Yes, I’m Eric Geller, senior reporter at Cybersecurity Dive.</p>
<p><b>TechTarget SearchSecurity’s Sharon Shea:</b> Hi, I’m Sharon Shea, executive editor on TechTarget SearchSecurity.</p>
<p>Thank you all for joining us today. We’re excited to chat about edtech and the educational sector and cybersecurity. So, we’re coming off the heels of what folks are calling the biggest attack on education in history. In late April and early May, edtech company Instructure confirmed a cyberattack on its Canvas Learning Management System. Threat group ShinyHunters claimed responsibility for the attack and said that they stole 3.65TB of data, including information from 275 million users across almost 9,000 schools. As of May 11, Instructure said it had reached an agreement with the attackers and that the software is safe to use. I don’t think we know if they paid a ransom or not, but whatever “reached an agreement” means.</p>
<p>And then again, just last week, ShinyHunters also claimed responsibility for further attacks on higher ed, reportedly exploiting the Oracle PeopleSoft software suites, [the vendors] for ERP, CRM [and] HCM, and they have campus applications to help higher ed manage student records, admissions and financial aid. Google noted that while some organizations were able to block or remediate the vulnerabilities before this latest round of attacks, others were compromised and have had their data published on data leak sites. So, education is unique. It’s up against a lot of threats and this just touches on the supply chain side, the software supply chain and organizations getting hit because of their software suppliers, as in through Canvas and the PeopleSoft software.</p>
<p>And also a bit of the ransomware in there, too, right? Because they spoke with the attackers and reached an agreement. So, Arielle, I didn’t know if you want to talk a little bit more about othe

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Search Security Resources and Information from TechTarget

Read the original article: