K-12 Cybersecurity Insider | 1/26/2026 edition
A biweekly newsletter providing curated cybersecurity news to the K-12 community, as a public service of K12 SIX. Sign up for the K12 SIX mailing list to have future editions delivered to your inbox.
Mark Your Calendar
1/27 - ‘Cybersecurity in the Classroom: From Reactive Recovery to Proactive Prevention’ Webinar (sponsored by Abnormal AI)
1/28 - K12 SIX Monthly Membership Meeting (member-only)
2026 National K-12 Cybersecurity Leadership Conference
Hosted by the K12 Security Information eXchange (K12 SIX), the 2026 National K-12 Cybersecurity Leadership Conference is a unique event designed for all K-12 cybersecurity practitioners to identify and share solutions and best practices to better defend school communities from emerging cybersecurity threats, such as ransomware and data breaches. The fourth annual conference will be held February 24-26 in Albuquerque, New Mexico. Advance registration required.
Preliminary agenda posted (updated 1/11).
Featuring: Workshops, Tabletop exercise, Birds of a Feather networking, Peer-led educational sessions, Capture the Flag contest, Exhibit hall
Learn from experts at the Cybersecurity & Infrastructure Security Agency (CISA/DHS) and U.S. Department of Education/Privacy Technical Assistance Center (PTAC)
And much more
In the News
Florida Man Arrested for Defrauding Louisiana School District, Stealing $251k
Agents with the Louisiana Bureau of Investigation recently arrested a 58-year-old man from Florida for taking part in a November 2024 scheme to defraud the Sabine Parish School Board (LA) out of more than $250,000. As part of the scheme, a school board employee was persuaded to, unwittingly, send an ACH payment in the amount of $251,972.00 to an out of state bank account controlled by the perpetrator(s). This payment was made to a vendor, believed to be legitimate, for the purchase of metal detectors intended to be placed at Sabine Parish school campuses. The investigation is ongoing.
Nearly $178,000 in payments made by Princeton Public Schools (NJ) to a vendor working on a construction project appear to have been lost in a wire fraud scam. District officials said they alerted authorities last month after they were told three payments sent to a vendor 15 months earlier were never received. Although the incident occurred in September 2024, school board members did not learn about the missing funds until roughly 15 months later, in early December 2025. While the School Board president asserted that the vendor, not the district is ultimately liable for the loss in a recent public meeting, time will tell how it gets sorted out.
Security Lapse at Online Mentoring Company Exposed Student Data
Online mentoring site UStrive has resolved a vulnerability that exposed the personal information of its users, including students. The exposed data included the full names, email addresses, phone numbers, and other non-public and user-provided information of UStrive users, which was accessible to any other logged-in user. According to reporting by TechCrunch, a vulnerable GraphQL endpoint — a type of query database interface — allowed access to reams of user data stored on UStrive’s servers. While UStrive claims “1.1 million students have opted in for a UStrive mentor,” only 238,000 user records were observed at the time of discovery.
Members Get More
The K12 Security Information eXchange (K12 SIX) operates as the independent, non-profit information sharing and analysis center (ISAC) exclusively for the K-12 education sector. Founded in 2020, organizations eligible for membership include school districts, charter schools and charter management organizations, private/independent schools, regional education agencies, and state education agencies. K12 SIX members get more.