Educational Services (NAICS 61)

Please provide the information below to view the online Verizon Data Breach Investigations Report.

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

Frequency

 

497 incidents, 238 with confirmed data disclosure

Top patterns

 

System Intrusion, Miscellaneous Errors and Social Engineering represent 76% of breaches

Threat actors

 

External (72%), Internal (29%), Multiple (1%), Partner (1%) (breaches)

Actor motives

 

Financial (92%), Espionage (8%), Convenience (1%), Fun (1%) (breaches)

Data compromised

 

Personal (56%), Credentials (40%), Other (25%), Internal (20%) (breaches)

What is the same?

 

System Intrusion and Miscellaneous Errors are yet again two of the top three patterns for this industry. The ratio of External and Internal actors is nearly the same as last year.

Summary

 

Basic Web Application Attacks dropped out of the top three to be replaced by Social Engineering. Ransomware continues to play a large role in breaches in this vertical.

Who saw that coming? 

In move that shocked faculty, staff and students alike, last year’s much lauded salutatorian, Basic Web Application Attacks, has dropped out (of the top three patterns). Miscellaneous Errors is still present (isn’t it always?) and has increased slightly from last year. As you may have guessed, these errors are the usual suspects: Misdelivery, Publishing errors and Misconfiguration. 

Social Engineering clawed its way to the number three position, increasing from 14% last year to 21% in 2023 (Figure 52). This rise is primarily represented by Phishing attacks, which showed up in 18% of breaches, and Pretexting scenarios (4%).

Hacking was present in 40% of breaches, with use of stolen credentials appearing in 31% of them. Not to be outdone, malware also showed up in 40% of breaches, with Ransomware present in 30% of those breaches. Let’s review that finding for the exam: Ransomware was responsible for almost one-third of all breaches in the Educational Services vertical. In spite of this impressive showing from both Hacking and Malware, the System Intrusion pattern, while maintaining its number one spot, decreased slightly from last year.

2023 Data Breach Investigations Report

Let's get started.