The education sector is once again under siege as Edison Learning, a prominent provider of public school management and virtual learning solutions, has been claimed as a victim of a cyberattack by the notorious Royal Ransomware group. The ransomware gang announced on their dark web data leak site on Wednesday, April 26th, that they successfully infiltrated Edison Learning’s systems and exfiltrated a substantial 20GB of sensitive data. This stolen data purportedly includes “personal information of employees and students,” a claim that raises significant concerns about privacy and data security within the educational institution. The group has threatened to publicly release the stolen data “early next week” if their demands are not met.
Cybersecurity experts, like Doug Levin, the national director at the K12 Security Information Exchange (K12 SIX) and a member of CISA’s Cybersecurity Advisory Committee, note that such announcements from Royal Ransomware typically precede ransom demands and potential negotiation phases with the targeted organization. This suggests Edison Learning is likely facing a significant cyber extortion situation.
Edison Learning has acknowledged a “cyber incident” but refrained from disclosing further details. Michael Serpe, Director of Communications at Edison Learning, stated to THE Journal via email, “Our investigation into this incident is ongoing, and we are unable to provide additional details at this time. We do not have any student data on impacted systems.” This last statement attempts to alleviate immediate concerns regarding student data compromise, yet the claim of employee personal information being stolen remains a serious issue.
Founded in 1992, Edison Learning has a long history in the education sector. Initially established as the Edison Project in Fort Lauderdale, Florida, the company focused on providing comprehensive management services to public charter schools and supporting struggling school districts throughout the United States and the United Kingdom. Historical records from 2015 indicate Edison Learning’s extensive reach, having managed hundreds of schools across 32 states and served millions of students over its operational history. A 2012 sales presentation available online further illustrates their scale, reporting services to 400,000 students across 25 states, the UK, and the United Arab Emirates during the 2009-2010 academic year.
In recent years, Edison Learning has broadened its service portfolio to include virtual schooling programs for middle and high school levels, career and technical education (CTE) courses, and social-emotional learning (SEL) curricula. They utilize their proprietary learning management system, eSchoolware, and promote a range of services on their website, emphasizing “management solutions, alternative education, personal learning plans, and turnaround services for underperforming schools.” This diverse service offering underscores the significant role Edison Learning plays in the educational landscape and the potential impact of a data breach on a wide range of stakeholders.
The Royal ransomware group, against whom CISA issued a cybersecurity advisory in March 2023 due to their aggressive tactics, posted a message on their data leak site stating, “Looks like knowledge providers missed some lessons of cyber security [sic]. Recently we gave one to EdisonLearning and they have failed.” This message highlights a growing concern within the cybersecurity community regarding the vulnerability of educational institutions to sophisticated cyberattacks.
Doug Levin from K12 SIX points out that while false claims of compromise do occur, it is more common for groups like Royal Ransomware to accurately list their victims. Their data leak site currently lists numerous organizations, including several public school districts, community colleges, and universities, as victims since the start of the year. Many of these listings include links to allegedly stolen data, implying a failure to meet ransom demands.
K12 SIX, a non-profit organization focused on enhancing cybersecurity within U.S. public schools, offers valuable resources to the education sector. They provide free guides and templates for K–12 IT professionals and guidance for district leaders and policymakers on proactive cybersecurity measures. Furthermore, K12 SIX hosted a webinar on May 3rd titled “Beyond IT: Building Cabinet Buy-in for a ‘Zero Trust’ Cybersecurity Program,” aimed at equipping school leaders with strategies for strengthening their cybersecurity posture.
The cyberattack on Edison Learning serves as a stark reminder of the persistent and evolving cyber threats facing the education sector. As schools and educational service providers like Edison Learning become increasingly reliant on digital infrastructure, robust cybersecurity measures and proactive threat mitigation strategies are paramount to safeguard sensitive data and ensure the continuity of educational services. The incident underscores the urgent need for enhanced cybersecurity awareness and investment within the education ecosystem to protect students, educators, and the integrity of the learning environment.
