Britain’s data watchdog has raised the alarm over a rise in children hacking into their own schools’ computer systems — often for dares or simply out of curiosity.
The Information Commissioner’s Office (ICO) says pupils are now behind most “insider” cyber breaches in education, warning that what starts as a prank can quickly escalate into something far more serious.
More Than Half of Breaches by Students
Since 2022, the ICO has investigated 215 cyber incidents linked to schools and colleges. In 57% of cases, the culprits were students.
Other breaches came from staff, contractors or third parties with access to systems. But the ICO says the scale of pupil involvement shows schools are underestimating the risk posed by their own students.
Heather Toomey, the ICO’s Principal Cyber Specialist, said: “What starts out as a dare, a challenge, a bit of fun in a school setting can ultimately lead to children taking part in damaging attacks on organisations or critical infrastructure.”
Cases Involving Young Children
Some of the breaches have involved very young pupils. In one case, a seven-year-old managed to get into a school system and was later referred to the National Crime Agency’s Cyber Choices programme, which helps children understand the risks of cybercrime.
Teenagers have also been implicated in more serious cases. Three Year 11 pupils were found to have broken into school databases containing details of more than 1,400 students. They used hacking tools downloaded from the internet to crack passwords and bypass security.
In another case, a college student gained access to a database by using stolen teacher login details. The breach exposed or altered the records of more than 9,000 staff, students and applicants — including addresses, health records and safeguarding notes.
Schools Under Pressure
The warning comes as schools report rising levels of cyberattacks more generally. Government figures show 44% of schools experienced a breach or attack in the past year.
Authorities say there is also a wider culture of youth cybercrime, with teenage hackers in the UK and US linked to attacks on big companies such as MGM Resorts, Marks & Spencer and Transport for London.
The ICO has urged schools to tighten their security and ensure staff recognise that pupils themselves can be a threat. It is also encouraging more education around online crime, to stop curiosity from turning into criminal behaviour.
Key Takeaway
The ICO says children — some as young as seven — are now behind most insider cyber breaches in schools. Officials warn that what starts as a bit of fun can quickly cross into serious crime, and are urging schools to take the threat more seriously.
