Data terrorists are stealing children's confidential files from schools with relative ease and dumping their info on the dark web unless the school districts pay a ransom, according to experts.

Most of the time, the victims will not even know it happened, said Ross Brewer, CRO of SimSpace, with 30 years of experience in cybersecurity.

"This is highly personal information we're talking about," Brewer told Fox News Digital. "Schools are an attractive target for criminals because they know schools store large amounts of personally identifiable information on their students and often their parents."

"This could be a student's psychological issues, even suicide attempts, health information, truancies, parent interactions that are scooped up in these hacks."


Screen showing system hacked logo

American flag waving with the Capitol Hill in the background. (iStock)

This disturbing crime trend first gained traction during the pandemic, then temporarily dipped in 2020 and 2021 before it became a lucrative and widespread crime over the last year and a half.

"In 2022, 65 individual ransomware attacks affected 1,436 schools and colleges, potentially impacting 1,074,926 students," according to a July 2023 study by Comparitech, which has uncovered large-scale cybersecurity breaches around the world.

There have already been 37 confirmed attacks on schools this year, compared to 26 at this point last year, Comparitech reported.


Between June 2022 and May 2023, there were 190 known ransomware attacks against educational institutions, which included an 84% spike over the last six months, according to a study by Malwarebytes, which included colleges and universities.

"The education sector is particularly vulnerable to cybercriminals, because schools are more worried about teaching their students than about cybersecurity," Brewer said. "Schools are often not well-resourced, with low IT budgets meaning they cannot afford the latest cyber defenses."

While the numbers appear jarring, it is likely just the tip of the iceberg, according to Brewer, who said about 85% of ransomware attacks are not reported.

Cyberattacks against educational institutions between June 2022 and May 2023

There were 190 known ransomware attacks against educational institutions, according to a study by (

Even victims of highly publicized cases likely do not know their information was stolen.

In March, a cybergang hacked the Minneapolis School District and demanded a $1 million ransom.

The district did not engage with the ransom demands, and more than 300,00 intimate student files were uploaded to the dark web, including complete sexual assault case folios, medical records, discrimination complaints, Social Security numbers and contact information of district employees.


The Associated Press followed up with a shocking report last week that included interviews with six students whose sexual assault case files were exposed.

"The message from a reporter was the first time anyone had alerted them," the article said.

"Truth is, they didn’t notify us about anything," said a mother whose son’s case file has 80 documents.

The criminals in this case were especially aggressive and shared links to the stolen data on Facebook, Twitter, Telegram and the dark web, which standard browsers cannot access, the AP reported.

A handwritten note naming three students involved in one of the sexual abuse complaints was featured for a time on YouTube competitor Vimeo, which promptly took down the video.

"Please do something," begged a student in one leaked file, recalling the trauma of continually bumping into an ex-abuser at a school in Minneapolis. Other victims talked about wetting the bed or crying themselves to sleep, according to the AP report.


"Hackers have no qualms about targeting learning institutions and stealing privacy data from innocent children," Brewer said.

"They are purely motivated by greed, and they know that schools will often pay a ransom to avoid sensitive or even embarrassing information being released on the dark web or worse the public facing internet."

Other big districts were recently stung by data theft, including San Diego, Des Moines, Iowa, and Tucson, Arizona, according to the AP.

Graphic of a malware insignia.

Photo graphic of a computer with a blue atlas on the screen and a lock. (Fox News)


Despite the tragic outcome, he agreed with the Minneapolis School District's decision not to pay the ransom.

"It goes back to Margaret Thatcher, who said, 'We don't negotiate with terrorists,' and these are data terrorists," Brewer said. "By negotiating or by paying the ransom, you're not only fueling the cyber crime, but inadvertently funding other crimes that impact children, including trafficking, drugs and everything that's related to crime while growing their cyber crime network."

Brewer then asked what is to stop them from dumping the files even if the school district pays.


"There's the expression, ‘No honor among thieves,' right? The same criminals that broke in and stolen children's data are saying, 'Don't worry, we'll delete your information if you pay and everything's gonna be fine.' You have to be either really optimistic or naive to believe them."

Two states - North Carolina and Florida - banned state agencies and local governments from even interacting with cybercriminals demanding ransoms.

"North Carolina and nations like Australia are right to instruct schools and other critical national infrastructure organizations not to pay ransoms, as every ransom paid inspires more criminals to join the hacking community," Brewer said.

"Even if an organization pays the ransom, the hackers still have a digital copy of children’s data and can still sell it on the dark web."

Person typing on their laptop with graphics of keylock and a world atlas.

There are many ways to keep your data safe from malware that include two-factor authentication and keeping software up to date. (


Cybercrime, in general, is a very lucrative criminal enterprise, according to Brewer, who said his company SimSpace expects cyber crime to reach $10.5 trillion by next year, which is up $3 trillion from a decade ago, which makes it a worldwide issue.

However, the U.S. has felt the brunt of the attacks, according to Malwarebytes' study, which says America had 107 reported attacks between June 2022 and May 2023. 

The next closest was the U.K. with 28, according to the study. 

Cyberattacks against educational institutions between June 2022 and May 2023 around the world

The U.S. has more reported cyberattacks by far than any other country in the world, according to a study by (

Brewer said countries, particularly the U.S., need "urgent" legislation that hits cybercriminals targeting schools with a "sledgehammer."

"These cybergangs and criminals targeting children need to know that they're being hunted down and being sanctioned, so they go for other targets," Brewer said.

"Lawmakers need to make (the punishment) so heinous that the criminals go, ‘Whoa. It's just too hot. We got to keep away from schools and go after companies or banks or things like that."


The March attack in Minneapolis is still having a crippling effect as officials and law enforcement continue to work the case.

External specialists and law enforcement are still reviewing the leaked data, the district told Fox News Digital in an email.

"This has been an arduous manual process that should be concluded soon. Accuracy is key," the district said.

Parents who spoke to The Associated Press expressed rage and frustration with the school district for not telling them that their children were victimized four months after the attack.

"MPS has every intention of notifying individuals whose information may have been made accessible in this breach," the district said in the statement.


"As a precautionary measure, potentially impacted individuals will be offered free credit monitoring services, including information on how they can place a fraud alert on their credit file, place a security freeze on their credit file and obtain a free credit report," the statement went on.

Officials said they have made more resources available on the district site.