Dive Brief:
- In 2025, there were 251 ransomware attacks on educational institutions worldwide — of which 94 incidents were confirmed by the targeted organizations, according to a report released Thursday by Comparitech, a cybersecurity and online privacy product review website. Additionally, 3.96 million records were breached among those confirmed attacks.
- Ransomware attacks on the education sector worldwide began to slow down in 2025, with the number of incidents targeting schools, universities and other educational institutions rising slightly, by 2%, compared to the year prior, according to a separate report released last month by Comparitech.
- The U.S. had the highest number of education-related ransomware attacks in 2025 with 130, of which 50 were confirmed by Comparitech. Even so, the U.S. saw a 9% decline in the number of ransomware attacks its educational institutions fell victim to between 2024 and 2025.
Dive Insight:
Over the past several years, schools and ed tech companies based in the U.S. have continued to fall victim to cyberattacks, which can often include ransomware. Between July 2023 and December 2024, 82% of K-12 schools experienced a cyber incident, according to a survey by the nonprofit Center for Internet Security.
However, while the number of total recorded ransomware attacks — 7,419 — across all sectors in the world jumped 32% from 2024 to 2025, Comparitech said that the “positive news” is that the education sector did not see a similar trend.
Educational institutions saw similar year-over-year attack figures, which could be due to a number of factors, including certain hackers shifting their focus to other industries like manufacturing, the January Comparitech report said.
The average ransom demand in the education sector globally also dropped by 33%, from $694,000 in 2024 to $464,000 in 2025, the latest report said.
In a recent incident in September, Texas' Uvalde Consolidated Independent School District experienced a ransomware attack and confirmed it in a district Facebook post. The attack forced schools to close for several days after the ransomware was detected within the district’s servers, which include phones, camera monitoring and visitor management systems, according to Uvalde CISD. “These systems are crucial for the safety and security of our schools,” the district’s Facebook post said.
The district added in a separate Facebook post in late September that Uvalde CISD did not pay a ransom to threat actors and the district’s systems were restored using backups. At the time, Uvalde CISD said there was no evidence of unauthorized access into sensitive or personal information, but an investigation into the incident was underway.
Though unconfirmed by the school districts, Comparitech also said that Massachusetts’ Fall River Public Schools and Washington’s Franklin Pierce Schools were both targeted in 2025 by threat actors who demanded a ransom payment of $400,000 from each district after the ransomware gang Medusa claimed it stole both school systems’ data. The demands made of both districts ranked among the top five largest ransom demands in the education industry worldwide last year, Comparitech reported.
Ed tech companies have also been cyberattack victims, as seen in mass data breaches of millions of sensitive student records at Illuminate Education in December 2021 and PowerSchool in late 2024. K-12 technology experts expect the ed tech sector to be held more accountable by government officials at the state and federal levels this year over the issue, as tighter, updated federal regulations for the Children's Online Privacy Protection Rule and ongoing state investigations into past ed tech company data breaches roll out.
In 2025, the Trump administration eliminated key federal resources to support school districts’ cyberdefense measures, including the shuttering of the U.S. Department of Education’s Office of Educational Technology and the discontinuation of K-12 cybersecurity programs offered through the Multi-State Information Sharing and Analysis Center. Since then, education nonprofits and associations have flagged that financially strapped schools could be increasingly vulnerable to cyberattacks without these crucial federal supports.