
The rise of the student hacker: Dozens of UK schools have fallen victim to insider attacks by their own pupils, worrying ICO research shows

By Wayne Williams

Copyright techradar


17 September 2025

Weak passwords and poor data protection practices are often the way in


ICO finds majority of insider cyber attacks in UK schools caused by students
Many breaches linked to weak passwords or stolen logins exploited by pupils
Officials urge schools and parents to guide curiosity into legal, positive channels

The Information Commissioner’s Office (ICO) has warned that students are increasingly behind insider cyber attacks in UK schools and colleges.

Between January 2022 and August 2024, the ICO analyzed 215 data breach reports from the education sector involving insider threats.
It found 57% of incidents were caused by students. Nearly a third stemmed from stolen or guessed login details, with pupils responsible for 97% of these cases.


Logging in, not breaking in
While Hollywood has portrayed teenage hackers with a degree of glamour in films such as Ferris Bueller’s Day Off or Hackers, the reality described by the ICO is both more mundane and more damaging.

Children are not breaking into systems but rather logging in, often by exploiting weak passwords or taking advantage of poor data protection practices.
One case highlighted by the ICO showed how quickly curiosity can turn into a serious breach.
“Three Year 11 students unlawfully accessed a secondary school’s information management system, which holds personal information of more than 1,400 students. When questioned, the students admitted being interested in IT and cybersecurity, and that they wanted to test their skills and knowledge. The students used tools downloaded from the internet to break passwords and security protocols, with two of the students admitting that they belong to an online hackers’ forum.”

In another example from the ICO:
“A student unlawfully accessed a college’s information management system, then viewed, amended or deleted personal information belonging to more than 9,000 staff, students and applicants. The system stored personal information such as name and home address, school records, health data, safeguarding and pastoral logs and emergency contacts. The college’s investigation found the student used a staff login to access its systems. The college reported the incident to the police, to us and Action Fraud.”
The ICO found 23% of incidents in the education sector were caused by poor data protection practices, such as staff accessing records without a legitimate need, leaving devices unattended, or allowing pupils to use staff devices.


Another 20% involved staff sending data to personal accounts, while 17% came from poorly configured access rights.
5% involved insiders deliberately bypassing network security.
“Whilst education settings are experiencing large numbers of cyber attacks, there is still growing evidence that ‘insider threat’ is poorly understood, largely unremedied and can lead to future risk of harm and criminality,” Heather Toomey, Principal Cyber Specialist, said.
“What starts out as a dare, a challenge, a bit of fun in a school setting can ultimately lead to children taking part in damaging attacks on organizations or critical infrastructure.”
The ICO is urging schools to strengthen training, reduce unnecessary access, and ensure data protection is updated regularly.
Parents are also being encouraged to talk openly with their children about online behavior, with the aim of steering curiosity into positive channels rather than criminal activity.
“It’s important that we understand the next generation’s interests and motivations in the online world to ensure children remain on the right side of the law and progress into rewarding careers in a sector in constant need of specialists,” Toomey concluded.

Wayne Williams


Wayne Williams is a freelancer writing news for TechRadar Pro. He has been writing about computers, technology, and the web for 30 years. In that time he wrote for most of the UK’s PC magazines, and launched, edited and published a number of them too.
