IT systems at around 330 schools were hacked last year – and experts warn sensitive children's information and photos may have been sold to pedophiles online.
Images and contact details of students may have been accessed, along with data on vulnerable people children.
A report from the Information Commissioner's Office – seen by The Sun – shows that 3,000 UK groups have fallen victim to hacking last year
And 11 percent of those attacks occurred education authorities, much more than previously feared.
Sources say schools are being targeted due to lack of investment in IT and cybersecurity has made them vulnerable.
In some cases, passwords could be easily guessed, leaving networks exposed.
Experts also warn that tight budgets mean schools often rely on donated computers with old security software, while the heads of IT are shared.
Stephen Bonner, the ICO's deputy supervisory commissioner, said: “While cyber attacks As we become increasingly sophisticated, we find that many organizations are not responding accordingly and continue to neglect the fundamentals of cybersecurity.”
Cyber expert Professor Alan Woodward from the University of Surrey said: “These hackers are doing it mainly to make money, leading to grim thoughts about where they will make money from children's data.
“I'm afraid to say that ultimately that data is valuable on the dark web and that's how they make money from it.”
He added: “Schools teach children a lot about how to keep themselves safe online – a cyber equivalent of not talking to strangers.
“But they risk not being able to protect the children if they don't heed their own lessons.”
A spokesperson for the Department for Education said it is providing a range of cyber security support, and stressed that school funding is at its “highest level ever in real terms per pupil”.