School hacking used to sound like something out of a bad teen movie. A kid in a hoodie, breaking into the system to change grades or crash the Wi-Fi. But in 2025, it is happening more often than you might think, and it is not always about criminal intent. Sometimes it is boredom. Sometimes it is curiosity. And sometimes, yes, it is darker than that.

The recent headlines around students breaching school systems are a reminder of how accessible hacking tools have become and how low the barriers are for anyone with a bit of persistence. But beyond the shock factor, there is an important question: are we missing a chance to turn mischief into something positive?

The Numbers Don’t Lie

The UK’s Information Commissioner’s Office recently looked at 215 school data breaches between 2022 and 2024. More than half of the insider cases (57%) were caused by students. Most of it came down to weak security basics: passwords that were easy to guess or written down, and students using teacher logins to get access.

It is not just the UK. In the U.S., a 19-year-old was charged after accessing an EdTech company’s systems and allegedly stealing the personal data of 70 million students and teachers, later threatening to leak it unless paid.

And then there is the sheer volume of cyberattacks aimed at schools more generally. The UK Government’s 2025 Cyber Security Breaches Survey found 60% of secondary schools reported an attack or breach in the past year. For colleges and universities the number was even higher, at over 85%.

The Stories Behind the Stats

The stats are alarming, but the real stories hit even harder. Take the 15-year-old at Poltair School in Cornwall who hacked into the school’s network mid-lesson because he was bored. He was suspended, and his father questioned whether the school should have seen his talent and curiosity as something to nurture rather than only punish.

Or the group of Year 11 students who hacked into their school’s information management system, affecting the records of more than 1,400 classmates, all using tools they found online. It was disruptive, but it also showed how much damage can be done with nothing more than Google and determination.

The Silver Linings

It is easy to panic at these stories, but there are positives if we look closely.

When a teenager is clever enough to bypass a school’s IT system “for fun,” it is a red flag for the school’s defences but also a sign of potential. Instead of shutting the door, programs like the UK’s Cyber Choices aim to give these kids a legal outlet. With the right guidance, curiosity can turn into a career in ethical hacking or cyber security.

Reports like the ICO’s are also pushing schools to get their basics in order. Stronger password policies, multi-factor authentication, and separating staff and student accounts are simple steps that close off many of the loopholes kids exploit.

And as awareness spreads, schools are starting to realise insider threats do not always mean malicious outsiders. Sometimes the risk is sitting in their own classrooms.

So What’s Next?

Kids hacking schools is not going to stop. If anything, it will become more common as more tools get shared online and curiosity meets opportunity. The real test is how schools, parents, and the industry respond.

Do we treat these kids as budding criminals, or as a generation of digital natives who need direction? Do we keep locking systems down tighter, or also invest in channeling that energy into something positive?

Because one thing is certain: curiosity will always find a way in. What matters is where it goes once it is inside.

That’s this week’s deep dive. But I’d love to hear your take. Should schools take a harder line, or should they be trying to guide students toward the right side of hacking?