We research. You level up.
Protect your devices, your data, and your privacy—at home or on the go.
“Thanks to the Malwarebytes MSP program, we have this high-quality product in our stack. It’s a great addition, and I have confidence that customers’ systems are protected.”
Featured Event: RSA 2021
Activate Malwarebytes Privacy on Windows device.
Cybersecurity Month: Save 25% on EP and EDR for your business – BUY NOW
Parts of the Dark Web “awash” with school children’s personal data
Posted: by
NBC News has collected and analyzed a trove of children’s personal information it discovered on the Dark Web. Even though this information may not be as useful to cybercriminals as credit card details or login credentials, the information is still out there, where we don’t want it.
So what is it, and how did it get there?
Modern ransomware gangs don’t just encrypt data, they frequently steal it too. If their ransom demands aren’t met, they leak the stolen data via their Dark Web sites. These data leaks have lead to information about (amongst others) businesses, police officers, hospital patients, and school children ending up on the Dark Web.
And schools and school districts have been very popular targets for ransomware attacks. In 2021, ransomware gangs published data from more than 1,200 American K-12 schools, according to a tally provided to NBC News by a ransomware analyst.
Ransomware threat actors are always looking for low-hanging fruit. And schools have always been easy targets for ransomware, because of their limited budgets, especially for security. All of which was made worse by the demand for distance learning created by the Coronavirus pandemic.
Some schools may not be able to tell you how much, and what, information they have about your child if you ask them. But the evidence says it’s even worse than you might expect; it isn’t just the information you may have handed over to the school when you filled out the application. Over time, information like medical conditions or your family’s financial status may get added. Some information, like social security numbers or birthdays, will be a constant in the child’s life, and that information in the wrong hands can set up a child for identity theft throughout their life, and at any time in their life.
The NBC article provides a few examples that may raise your eyebrows.
A few months after a ransomware attack on Toledo Public Schools in Ohio, which lead to students’ names and social security numbers being published online, a parent discovered that someone had started trying to take out a credit card and a car loan in his elementary school-aged son’s name.
Following an attack on Weslaco Independent School District, data relating to approximately 16,000 students was leaked, including: Their names, dates of birth, race, social security numbers, gender, immigration status, whether they were homeless or economically disadvantaged, and if they’d been flagged as potentially dyslexic.
The chances of permanently removing information from a ransomware leak site are slim to none. By the time the victim of a ransomware attack pays the ransom, their data has already been stolen, so they have nothing more than the word of criminals that it will be destroyed or kept safe. There is little incentive for ransomware gangs not to trade the data of payers and non-payers alike on some Dark Web forum. And when data has been shown on a leak site, anyone could have grabbed a copy.
Maybe it’s a good idea to clear up some of the misconceptions about the Dark Web. There are two “dark” regions on the World Wide Web: The Deep Web, and the Dark Web.
The Deep Web is an unindexed part of the web, which includes anything behind a login screen, for example. The indexed part of the web—the part that can be found by search engines—is likely to be a small fraction of the entire web, which makes the Deep Web enormous.
The Dark Web is a part of the web that can only be accessed via Tor. The Dark Web is designed to hide the location (strictly, the IP address) of everyone and everything on it. And if you can’t trace the real IP address of a user or a website, you can’t find them, arrest them, or shut them down. Which is why the Dark Web is where you’ll find ransomware leak sites.
Unlike the Deep Web, the Dark Web is extremely small, but it is very popular with criminals, for obvious reasons. Alongside ransomware leak sites, the Dark Web also hosts forums where cybercriminals can buy and exchange information, and marketplaces that sell anything and everything that’s illegal.
School cybersecurity is increasingly important, and parent-pressure makes a difference. Ask your school about its approach to cybersecurity, and what information about your child it keeps. Should you or your children’s information become part of a data breach you may want to read some more about identity theft, and credit monitoring.
October 4, 2021 – Neiman Marcus has suffered a big data breach. What should you do if you are one of the affected customers?
July 30, 2019 – Equifax has been ordered to pay at least $650 million in relation to its enormous 2017 data breach. Users who were affected might be eligible for a claim. But watch out for scams!
Cybercrime | Privacy
November 28, 2017 – Identity theft protection services promise to have your back against cybercriminals looking to steal your data. But they don’t actually stop them from taking your identity. Are they worth it, then? We say no.

Malware Intelligence Researcher
Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.
Silouette of person

Threat Center

Book with bookmark

Suspicious person

Write for Labs

Want to stay informed on the latest news in cybersecurity? Sign up for our newsletter and learn how to protect your computer from threats.
Imagine a world without malware. We do.
© All Rights Reserved
Select your language
Cybersecurity basics
Your intro to everything relating to cyberthreats, and how to stop them.