K-12 Cybersecurity Insider | 5/18/2026 edition

A biweekly newsletter providing curated cybersecurity news to the K-12 community, as a public service of K12 SIX. Allowlist info[@]k12six[.]org - and sign up for the K12 SIX mailing list - to have future editions delivered to your inbox.

Mark Your Calendar

• 5/18 - “Instructure: Technical Deep Dive on Recent Security Incident” (intended for customers)

• 5/21 - “When the Screens Go Dark:” K-12 Cybersecurity Virtual TableTop Exercise (member-only)

• 5/27 - K12 SIX Monthly Membership Meeting (member-only)

On the Soapbox

Reflecting on a Decade of K-12 Cyber Incidents

On May 18, 2016 - exactly a decade ago to the day - the U.S. Senate Committee on the Judiciary, Subcommittee on Crime and Terrorism held a hearing entitled, “Ransomware: Understanding the Threat and Exploring Solutions.” Charles Hucks, Executive Director of Technology, Horry County Schools provided testimony and answered questions regarding the recent ransomware attack against the South Carolina school district.

Much has changed in education, technology, and cyber crime since that time. Schools use more technology than ever - for teaching and learning, but also for administration and operations. The software schools rely on is no longer run in school-managed data centers, but as vendor-managed SaaS applications in ‘the cloud.’ Threat actors often exfiltrate terabytes of sensitive data in lieu of encrypting it - with extortion demands now reaching seven figures or more. And, while school systems still fall prey to ransomware attacks, threat actors are moving upstream to focus on bigger fish: education vendors, such as Instructure, PowerSchool, and Illuminate.

One is left to wonder:

• Are students and families safer and more secure today than a decade ago?

• Is the technology used in education safer and more secure? Does it respect the privacy and agency of children and youth? Is it free from vulnerabilities and exploits?

• Have schools - and their vendors and partners - allocated sufficient resources and attention to cybersecurity?

• Is the sector more resilient today to cybersecurity incidents than a decade ago?

• Has the response from education leaders and policymakers been sufficient?

Nothing that has occured over the last decade was unpredictable. We can enumerate the problems and issues. Only by working together can we hope to make a meaningful change. Let us not miss the moment to act.

Members Get More

The K12 Security Information eXchange (K12 SIX) operates as the independent, non-profit information sharing and analysis center (ISAC) exclusively for the K-12 education sector. Founded in 2020, organizations eligible for membership include school districts, charter schools and charter management organizations, private/independent schools, regional education agencies, and state education agencies. K12 SIX members get more.