Educational Services (NAICS 61)

Please provide the information below to view the online Verizon Data Breach Investigations Report.

First Name: Last Name: E-mail: Organization: Organization type Country:

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

I confirm I have read and understood

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

Frequency		1,780 incidents, 1,537 with confirmed data disclosure
Top patterns		System Intrusion, Social Engineering and Miscellaneous Errors represent 90% of breaches
Threat actors		External (68%), Internal (32%) (breaches)
Actor motives		Financial (98%), Espionage (2%) (breaches)
Data compromised		Personal (83%), Internal (20%), Other (18%), Credentials (9%) (breaches)
What is the same?		The same three patterns dominate this vertical as last year. External actors stealing Personal data accounts for the majority of breaches.

Resumen

Errors of various types committed by internal actors and Extortion from external threat actors continue to constitute the curriculum of this industry.

Learn from your mistakes.

The Educational Services industry has a great deal to be proud of. It played a significant role in what was ultimately the creation of the internet, it created the textbook industry that we all know and love, and, of course, arguably its crowning achievement: recess. In spite of all this success, however, it is not without problems. But before we get into the Advanced Placement-level breach findings, let’s cover the more remedial Error section. Figure 59 shows that the Miscellaneous Errors pattern has been trending upward for the last two years in the Educational Services vertical. Not unlike the other industries that we examine, Misdelivery is front and center, accounting for 56% of errors. Loss (19%) and Classification error (10%) round off the top three error varieties.

I feel so exploited.

Now that we have Errors out of the way, let’s talk about the real area of concern for this vertical. The action types of malware (Backdoor – 57%), hacking (Exploit vuln – 56%) and social (Extortion – 50%) were present in almost the exact same percentages. This, of course, indicates that MOVEit—the well-known file transfer software that, when exploited, caused so much trouble for so many over the last year—was definitely enrolled in the Educational Services industry. As readers may recall, Ransomware was prevalent in this industry in last year’s report and the end game of Ransomware is Extortion. The campaign that leveraged the MOVEit exploit was simply another, more refined,⁹⁵ method of achieving the same goal. Since the MOVEit exploit was present to such a high degree, Ransomware decreased proportionately as Backdoor increased. However, the end result for Educational Services was the same: It helped criminals pay off their student loans rather rapidly.