K-12 Cybersecurity Insider | 5/4/2026 edition
A biweekly newsletter providing curated cybersecurity news to the K-12 community, as a public service of K12 SIX. Sign up for the K12 SIX mailing list to have future editions delivered to your inbox.
Mark Your Calendar
5/4 - K12 SIX Essential Cybersecurity Protections Workshop (member-only)
5/5 - “Leveraging Defender XDR & Sentinel Automations” webinar (sponsored by Microsoft) | Free and open to the K-12 community
5/14 - Monthly Cross-Sector Threat Briefing (member-only)
5/21 - “When the Screens Go Dark:” K-12 Cybersecurity Virtual TableTop Exercise (member-only)
In the News
EdTech Companies - Like Most Small/Medium Businesses - Under Frequent Cyber Attack
Small and medium businesses - including the majority of U.S. K-12 education software businesses - are frequent cybersecurity targets: 59 percent of small and medium businesses experienced a cyber attack in the last year, according to one insurance company’s research. Yet, for many, the reaction to a K-12 vendor experiencing a cyber attack is one of shock and surprise. In the last several months, we’ve seen new reports of incidents affecting: Navigate360 (ongoing), LINQ, Infinite Campus, Instructure (again, ongoing), McGraw Hill, Follett (ongoing), PowerSchool (largely missed, given the prior well-publicized incident), Kaplan, and UStrive, among others. We’ve also seen settlements with regulators (Illuminate) and ongoing court cases (Bain/PowerSchool) that, while likely to shape market behavior, won’t do enough in and of themselves to stem the tide. Clever’s most recent K-12 cybersecurity report highlighted the surge in K-12 vendor incidents, writing: “For cybersecurity measures to be most effective, districts and vendors will have to work together.” Indeed, if we make that mental shift from being surprised by an edtech vendor incident to instead expecting that they are likely to occur - because that is what evidence shows - what else may need to change?
Student Credentials Deserve Protection, Too
Who cares about Johnny’s grades or homework assignments, you may wonder? Probably not many people - and certainly not most threat actors. Instead, threat actors have other uses for that access, as several Connecticut communities have recently learned. State and local police in and around Putnam have been investigating a string of threats against local schools, many of which officials say are likely linked to compromised student email accounts and scam-related activity originating from foreign domains. One has to imagine that local law enforcement - having to spend time and resources in responding - would vehemently agree that stronger student account protections are warranted.
Millions Stolen from Schools Via Business Email Compromise Attacks
Two recent stories drive home the seriousness of the issue: In Arkansas, one school system was bilked out of more than $3.2 million, while a North Dakota school system had nearly $5 million stolen. The kicker: the techniques used by threat actors to carry out these attacks are well understood, as are the ways to stop them. One spot of good news: when perpetrators are based in the U.S., law enforcement can and does act - sometimes resulting in jail time and financial penalties for the perpetrators.
Save the Date: 2027 K12 SIX Annual Conference
K12 SIX is pleased to announce that the next edition of the premier event for K-12 cybersecurity practitioners will be held from February 17-19, 2027 in Atlanta, Georgia. Mark your calendars and stay tuned for more information on speaker submissions, registration, and sponsorship opportunities.
Members Get More
The K12 Security Information eXchange (K12 SIX), founded in 2020, operates as the independent, non-profit information sharing and analysis center (ISAC) exclusively for the K-12 education sector. Organizations eligible for membership include school districts, charter schools and charter management organizations, private/independent schools, regional education agencies, and state education agencies. K12 SIX members get more.