Data exposed as education sector battles the dark web

A new comprehensive report has highlighted key trends, common vulnerabilities, and emerging risks that independent schools face as they increasingly move to the cloud with valuable student data on the line.

Like many organisations, data breaches can cripple school systems, cause major disruptions and expose sensitive information about students, staff and families.

A recent study conducted by governance, risk and compliance specialist CyberPulse disclosed that out of 100 independent schools across Australia that were assessed, it found a total of 47,032 credentials leaked, 537 stealer logs and 785 dark web mentions. 

CyberPulse director of cyber advisory, Paul Friend said that even though the survey only looked at a small pool of independent schools, it showed the significant cyber security challenges educational institutions faced.

Ransomware, phishing, human error, botnets and malware and exposure to third party risks, zero-day attacks and cloud security are some of the prominent cyber threats facing organisations, and independent schools are not immune. 

Friend said the aim of the dark web analysis was to provide a clear understanding of the cyber threats schools face through looking at compromised data and malicious activity across underground networks.

Using its advanced dark web monitoring tools, CyberPulse focused on key data points such as compromised credentials, stealer logs and mentions of schools or staff on hacker forums.

One of the most alarming aspects of the report, Friend said when it discovered compromised credentials within these independent schools, was information on student profiles. 

“Schools may not believe they are a major target, but they are,” he said. “Bring your own devices presents a big problem too, especially if these devices are not directly managed by the school.”

The education sector opens a vast opportunity for specialist security services providers. However, as Friend points out, they usually don’t have the same budget as a corporate organisation.

Security awareness training, multi-factor authentication and good password hygiene are the basic cyber security steps that schools can take to help combat security risks. 

Friend recommended schools adopt a multi-faceted approach that addressed both access controls and data protection measures. 

“Schools hold a lot of sensitive data like student medical records, family information [and] financial details and if schools aren’t securing it, we’ve got major problems,” he said. 

In the analysis, CyberPulse particularly focused on compromised credentials such as usernames, passwords and other sensitive login details that have been leaked. Stealer logs refers to data captured by malware such as login details, personal information, or browser history, which could then be sold or traded on the dark web.

Stealer logs for sale where data is actively marketed for sale and dark web and hacker forum mentions that produce any reference to a school or staff members on dark web platforms or hacker forums were flagged. 

By collecting and categorising this data, Friend said it was able to pool the results into a comprehensive report that highlights key trends, common vulnerabilities, and emerging risks.

“Our findings provide a broad overview of the threats schools face with the goal of helping them strengthen their security posture and proactively address potential risks before they escalate,” he said. 

The analysis aims to empower schools with the knowledge needed to understand the risks and  serve as a foundation for stronger, more effective cyber security strategies moving forward.