David Childress, chief technology officer at Louisa County Public Schools, told The Daily Progress there are “literally thousands of attacks every day.”
“Doesn’t mean they’re successful,” he added. “There are thousands of attempts where an attacker is trying to see ‘Is there an open door somewhere that I can get in to start poking around to see what else is available?’”
That was no more apparent than this past winter, when the personal data of students and staff at schools across Virginia, including Charlottesville, was compromised after PowerSchool, a popular K-12 software provider, was hacked in late December.
Most of the information that was exposed was “public directory information,” according to Charlottesville Superintendent Royal Gurley, meaning first and last names, addresses, birthdays, email addresses, race, student identification numbers and graduation years.
All of the stolen information is now believed to have been destroyed, according to the FBI. Under the condition that all of the data be erased with no additional copies made, PowerSchool paid an undisclosed ransom to the hacker who had somehow managed to download the data stored in the PowerSchool Student Information System between Dec. 22 and 28. The hacker used a compromised PowerSchool support technician’s credentials to gain unauthorized access to the software, the company said.
While no apparent harm or loss came to the students and staff who had their data compromised, the cyber attack nevertheless exposed weaknesses in the defenses employed by Virginia school divisions.
Childress joined hundreds of other Virginia school administrators and cybersecurity experts at a conference in Charlottesville earlier this month to learn from each other and discuss how their school divisions and agencies are working to fend off future cyber attacks.
John Collins, the director of information technology at Lynchburg City Schools, told The Daily Progress that communication with other school divisions is typically limited, but that the Charlottesville conference on Oct. 22 was different in that it was open to all.
“None of us do things exactly the same way, and we all have our own sets of resources and skill sets. So being able to share knowledge and go have those aha moments … is so impactful and so great,” he said.
An FBI report notes more than 850,000 complaints of suspected internet crime were filed in 2024, totaling losses at more than $16 billion, a 33 percent increase in losses over 2023.
Christopher Cruz told attendees at the conference that education is the No. 3 most targeted sector by cyber criminals, behind general government and health care.
Cruz is a cyber program manager at the Virginia Fusion Center, a joint operation between the Virginia State Police and Department of Emergency Management in the wake of the Sept. 11, 2001, terrorist attacks to improve information sharing and prevent future attacks.
Almost all cyber attacks are financially motivated, Cruz told conference attendees, before adding that K-12 schools are attacked more often than institutes of higher education.
Childress said that the criminals are usually targeting student names and information, as in the PowerSchool attack.
“They take it, they package it and they sell it for identity theft later on, because they can start building an identity with these kids’ names before they come of age and start doing background checks themselves, he said. “It’s bad for the students, and it’s bad for education.”
Looking ahead, conference attendees said they are concerned about how the integration of artificial intelligence into education will make it even easier to expose students’ data.
“Technology is changing all the time, with AI that’s out now, hackers have free access to code,” Childress said. “As we’ve demonstrated with the conference today, there’s a lot of tools that are freely available out there for attackers to use.”
© 2025 The Daily Progress, Charlottesville, Va. Distributed by Tribune Content Agency, LLC.
