Schools on both sides of the Atlantic have been exposed in recent days to attacks by hackers, reminding us all that ransomware gangs see educational institutions as targets throughout the year.
Evanston Township High School (ETHS), located approximately 14 miles north of Chicago, says it was attacked by ransomware on Sunday, June 7, 2026.
The school closed its campus completely on Monday and Tuesday, canceling summer school classes, sports camps and all other campus activities.
According to an advisory published by the school, the attack not only took out ETHS’s computer systems, Internet services, and phone lines – but also what it described as “critical systems needed to operate the building safely”, including door access control, and public address systems.
It was these offline safety measures that forced the shutdown, according to the high school:
“Without these programs fully operational, we will not be able to safely conduct school, sports camps, or other campus activities.”
The school district says it has notified the FBI, closed all employee accounts as a precaution, and enlisted the help of outside cybersecurity experts in its effort to safely rebuild its systems.
Employees were told not to touch their PCs until they were wiped by IT, and they could not reuse old passwords. Among the systems taken offline is the Home Access Center, a student portal powered by PowerSchool.
If that name sounds familiar to you, it’s probably because you remember that PowerSchool breached a serious cybersecurity law in 2024, when tens of millions of student and teacher records were exposed. The current incident at ETHS is not believed to be related to the 2024 PowerSchool breach.
No ransomware group has claimed responsibility for the ETHS attack, and it is not known if any personal data was released by the hackers. The school, however, expects to reopen on Wednesday June 10, once emergency plans are back in place.
He says that just before the attack in the United States, Powys County Council in Wales revealed that 13 of its schools had been attacked by criminals.
The attack, which was first identified in April but was not made public for two months, did not result in the closure of any schools, but it has been confirmed that student and staff information was compromised in at least one school.
Citing the “sensitive nature” of the disclosed data, Powys District Council declined to name the educational institutions affected. Instead, it says it “contacts affected people directly where necessary and provides advice on steps they can take to protect themselves.”
The sad truth is that schools are attractive targets for cybercriminals. They store sensitive data about children, and use tight budgets and limited resources when it comes to protecting online safety.
And, as shown by the ETHS shutdown, schools often rely on network systems for everything from the platforms used to teach students to providing physical access controls.
Meanwhile, schools not only face serious threats from organized crime groups but also their own walls. The Information Commissioner’s Office in the UK warned last year that schools face a major threat from their students hacking into computer systems for malicious purposes.
The education sector knows that it is a soft target for cybercriminals, which makes it very important that it is properly funded and equipped with the technology to protect itself.
