345/68 Tuesday, September 16, 2025
The UK Information Commissioner’s Office (ICO) has revealed in a new report that students were responsible for more than half of all school-related data breaches in the country, accounting for 57% of incidents. Strikingly, over 97% of cases involving stolen user account data originated from students themselves. Many incidents stemmed from guessing weak passwords or discovering credentials written on paper, underscoring that insider threats in schools remain an unaddressed issue.
An analysis of 215 data breach cases between January 2022 and August 2024 highlighted clear patterns: over 23% resulted from weak data protection, such as teachers leaving devices logged in or unattended; 20% came from staff sending data to personal devices; and 17% were caused by system misconfigurations, such as improperly set permissions on SharePoint. In contrast, only 5% of incidents involved skilled attackers intentionally attempting to hack school systems.
The ICO and the UK’s National Crime Agency (NCA) warned that activities in schools often starting from curiosity or dares could lead to future involvement in cybercrime. NCA data shows a concerning proportion of children aged 10–16 admitted to engaging in illegal online activities, with some beginning as early as age 7. Authorities are urging parents to discuss online behavior with their children and encourage participation in the Cyber Choices program, which aims to help young people channel their IT skills toward constructive and safe paths.
