Today, the popular EdTech platform Seesaw experienced a major cyber attack, affecting schools across Illinois, New York, Oklahoma, and Texas (including our home base, McKinney ISD).

The messaging app, used to enable communication between students, parents, and school administrators, was infiltrated by an unknown threat actor. An explicit photo was sent through the platform with a link, raising concern across parents and teachers alike.

Seeaaw has over 10 million users and is actively used in more than 75% of schools in the United States, according to their website.

In early January, Illuminate Education, a leading provider of student-tracking software exposed sensitive data of over three million current and former students.

Then in May, a ransomware attack on Chicago Public School (the third-largest district in the country) exposed four years’ worth of records of nearly 500,000 students.

Over Labor Day weekend, the Los Angeles Unified School District fell victim to an “unprecedented” ransomware attack.

Baltimore Public School District just paid over $8 million dollars to recover from their 2021 data breach.

While similar headlines frequent the news, it is unknown how much student data is actually impacted with no mandated reporting in the education space (evidence suggests 10 to 20 times more incidents go undisclosed every year than are reported). With the data known, K-12 is experiencing one cyber incident per school day.


The K-12 Cyber Incident Map, a visualization of publicly disclosed school cyber incidents from 2016 to present. Maintained as a public service by K12 SIX.

As school systems scramble to ensure data protection, we’re left with a lingering question: how can we keep our students safe?

Understanding The Data is at Risk

School systems are privy to massive amounts of personal data— for students, records consist of demographic information (including race, ethnicity, and income), discipline records, grades and test scores, disabilities and Individual Education Plans (IEPs), mental health and medical history, counseling records and more. For teachers and administrators, this also includes salary information, HR records, and other private information.

Further, accessing a school’s network gives the threat actor a much broader reach.

Schools are more reliant on technology than ever, largely due to the COVID-19 pandemic and the increase of EdTech software used both in and outside of the classroom. This dramatically increases the ability of cybercriminals to infiltrate the school’s network, users, devices, and cloud applications— providing access to a wide array of additional targets, including the EdTech software itself and its respective customers.