top of page
  • Admin

Hacking Higher Education – When Tuition Isn’t The Only Price To Pay

Published: October 30, 2022 on our newsletter Security Fraud News & Alerts Newsletter.

With escalating tuition costs for colleges and universities, there’s also a hidden price to higher-ed that the FBI’s Cyber Division is confronting head-on. Cyberattacks against U.S. colleges and universities are escalating too, threatening lasting damage to students, faculty, and the schools themselves.

A Sophos study finds that IT and Finance are the only sectors targeted more often than education. They also find education is one of the most targeted sectors by ransomware cartels.

The first known higher-ed cyberattack was in 2002 and involved student PII only. In 2014, these attacks became more aggressive and more advanced over time. Verizon’s Data Breach Investigations Report finds the number of these attacks increased nearly tenfold over the next few years and began targeting much more than student PII.

Higher-Ed = Highly Valuable Targets

Stolen PII offers up not only names, login info, email and physical addresses, but can also reveal banking data, payment cards, student financial aid details, and much more. Hackers benefit from using this information themselves or sell it on underground hacker forums.

The FBI’s Cyber Division reports stolen passwords and usernames can lead to credential stuffing attacks. Hackers hope the victim used the same login data for other accounts, giving them opportunities for even more theft.

But it’s not only students who are at risk. Universities and colleges also have other data stolen, including that of faculty and other employees. This is where threat groups and others get fuel for ransomware attacks.

More eye-popping ransomware data from Sophos comes from surveyed U.S. colleges and universities in 2021: 44% of organizations suffered ransomware attacks; 35% of those whose data was encrypted paid the ransom to get their data back; average ransom payments were $112,435; the average price tag to fix other damages from ransomware (employee downtime, network and device cost, etc.) was $2.73 million, the highest of all sectors surveyed. That’s a lot of Dollars.

Some Tips For Everyone To Keep The Cost Of College Just For College; Not Hackers:

  • Watch for phishing. It’s the top way fraud occurs, malware makes it way in, and PII and other sensitive data is stolen. Keep the peepers peeled for typos, poor grammar, a sense of urgency directed toward you, and links or attachments that are unexpected that arrive in email or texts.

  • Stay on top of latest cybercrime trends such as scams circulating on social media. These are hotspots for taking advantage of students and everyone else.

  • Use strong passwords and a different one for each and every online account. Use multifactor authentication (MFA) whenever possible.

  • Don’t give out login credentials to anyone; not even IT or tech support personnel. Have them reset your passwords instead and change them yourself.

  • Don’t pay ransom payments. Instead, backup your computers and devices so they can be restored, should ransomware find its way to you.

To this day, the key part of the problem for higher education institutes is they sorely lack the proper protection against cyberattacks. Until this issue is resolved, students, faculty, and the institutes themselves will continue to be ripe targets for ruthless attacks. The good news is, the FBI is committed to working with academia to ensure they’re well-prepared against future cyberattacks.

Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at

bottom of page