On Monday, September 9, 2024, Highline Public Schools in the state of Washington was shut down due to a cyberattack. The school distinct announced that it discovered unauthorized activity on its systems and took action to isolate the compromised systems. Currently, this investigation is ongoing.

Security leaders weigh in 

Brian Higgins, Security Specialist at Comparitech:

“Schools and colleges are a favorite target for cyber criminals because of the wide variety of data they maintain on their networks. Individual, personal information on staff, students, governors/school board members and even suppliers can all be very useful as sell-on criminal assets. Add in grades, government data, safeguarding records and emergency contact details and you have a higher than usual variety of leverage vectors for ransomware attacks too.

“It’s obviously incredibly worrying for all concerned but the most vital thing to do at this point is keep your nerve and monitor official updates for mitigation and protection instructions. Don’t be tempted to engage with any unsolicited contact from any quarter, telephone, email, social media or even visitors to your home. The moment a breach is made public criminals will employ all of these methods and more to further exploit the victims and their user networks.

“Get screenshots or other records if it’s safe to do so and report everything you can but don’t share any passwords, login credentials or other information because despite what they promise things will only get worse if you do.”

Chris Hauk, Consumer Privacy Champion at Pixel Privacy:

“Even though we don’t know exactly what information has been exposed in this breach, parents should assume it has and prepare for the worst. If a bad actor gains access to a minor's personal information, they can use it to fraudulently create credit accounts in the child’s name, meaning the accounts and their unpaid amounts may not be discovered until several years down the line, causing problems for the child later in life. Parents should monitor their child's credit reports and associated records to ensure that bad actors are not laying the groundwork for future havoc in their offspring’s life.”

Anthony Cusimano, Technical Director at Object First:

“With the rise in cyberattacks targeting educational institutions, schools must redefine how they protect their data and most valuable digital assets. Recovery from backups is always the last line of defense in any organization, and attackers know this, often targeting backup data first when launching an attack. To avoid disrupting the learning environment — as we saw with the recent attack against Highline Public Schools — districts must incorporate zero trust data resilience principles to both the backup software and backup storage to segment their environment, create resilience zones, ensure immutability, and minimize the attack surface to keep backups secure so recovery is always guaranteed.”

Akhil Mittal, Senior Manager of Cybersecurity Strategy and Solutions at Synopsys Software Integrity Group: 

“The cyber attack on Highline Public Schools shows how vulnerable our schools have become to cyber threats. Education institutions are attractive targets, not only because they hold sensitive data, but because their defenses are often weaker than large organizations. Attacks like this, timed to disrupt the start of the school year, apply immense pressure that attackers exploit. This incident presents an opportunity for schools to reassess their cybersecurity strategies. By incorporating programs like the NICE K12 Cybersecurity Education framework, we can teach digital safety early on, embedding cybersecurity awareness within the education system itself. Schools can serve as both defenders (against cyber threats) and educators (for the next generation).

“In the short term, staying alert to phishing attempts and securing personal devices are practical steps staff and students can take. Schools should also invest in strong backup and disaster recovery plans to get back on track quickly to minimize the impact of future attacks.”