INDIANAPOLIS — A growing number of Indiana K-12 schools are becoming victims of cyberattacks, according to data obtained by WRTV Investigates.
These incidents can cost schools time, money and even put your child’s personal information at risk.
WRTV Investigates requested the data in light of last week’s attack on Canvas, a platform used by K-12 schools and universities across the country.
In Indiana, a new law took effect in July 2021 that requires schools and local government agencies to report cybersecurity incidents to the state’s Office of Information Technology within 48 hours.
REPORTED INCIDENTS BY K-12 SCHOOLS
- 2024: 27 incidents
- 2025: 69 incidents
- 2026: 40 incidents (so far)
Indiana is one of only a handful of states with a law requiring local government agencies to report cybersecurity incidents to the state.
Among the types of attacks include ransomware, business email compromise and vulnerability exploitation, according to records obtained by WRTV Investigates.
WRTV Investigates spoke with Doug Levin, director at K-12 Security Information Exchange, a nonprofit aimed at protecting schools from cybersecurity risks.
“We see every week examples of school systems large and small across the US being affected by cybersecurity incidents,” said Levin. “Sometimes they're ransomware attacks, sometimes they're targeted phishing attacks, sometimes they're something different than that, but there is a steady drumbeat of these incidents happening.”
They’re also seeing an uptick in attacks against companies that serve education like Canvas and PowerSchool.
“The data was stolen and a threat actor is trying to extort the company into paying the money,” said Levin.
Even when no information is compromised, cybersecurity threats can be quite costly to Indiana school districts.
WRTV Investigates filed records requests and found Indiana schools have paid tens of thousands of dollars to help recover from cyberattacks and to improve their IT systems after the fact.
- Baugo Schools spent $10,000 to upgrade their firewall following a cyberattack
- Logansport Schools paid a company $30,000/year to help monitor its systems 24/7
It can also put your child’s information at risk.
“Practicing basic cyber hygiene is, is what remains important and what I would encourage people to do,” said Levin. “Certainly, if you reuse your username and password that you may use for Canvas, you're probably going to want to change that and make sure that you have unique usernames and passwords across all your sites.”
If you know of a cybersecurity incident at a school, please let us know at kara.kenney@wrtv.com.
Tips for protecting your family from cyber attacks
- Ask your school district for their cybersecurity incident response plan
- It should outline what they will do and who they will contact (parents, the FBI, etc.) if there is a threat
- Talk to your kids about good password practices on both their school and home devices
- Use two factor authentication when possible, which makes it harder for someone to get into your accounts
- Do a credit freeze so no one can open accounts in your name or your child’s name.
