Hackers leaked on Monday the private information of 30,000 Israeli teachers and students and are putting records of an additional three million up for sale.
The group, which goes by the moniker The Generous Thief, posted to its Telegram channel files containing first and last names, ID numbers, birth dates, home addresses, phone numbers, emails, and more.
The data was most likely stolen from the Center for Educational Technology (CET), a nonprofit dedicated to integrating pedagogical innovation and advanced technologies into the Israeli education system. Its online learning platform serves tens of thousands of Israeli students every year.
On Monday, CET said that it found "indications of a cyber incident" during its preparations for the opening of the school year and that it was working with the National Cyber Directorate to amend the situation.
CET noted, however, that its online learning systems were working as usual.
"We are investing the necessary resources and carrying out all the tests and actions in coordination with the relevant parties. The web is rich with disinformation and fake news," company officials said.
The students whose information has been compromised are no longer part of the education system as all of them were born in the 1990s or early 2000s, raising questions about how up-to-date the leaked data is.
Posting in broken Hebrew, the hacker group presented itself as a collective that wishes to exact vengeance on the government for what they deem its mistreatment of teachers.
"Okay enough! Finally in this period you truly harmed the teachers," the group wrote. "What do they think if now we bother them? To start taking our rights back we broke into the biggest educational technological center (CET) in Israel. And it continues."
The mistake-ridden tirade raised suspicion among cyber experts that the group behind "The Generous Thief" were actually pro-Iranian or pro-Palestinian hackers who are trying to use a recent dispute between the government and teachers' unions to mask their true identity.
Cybersecurity firm Check Point told Ynet that it has seen a clear rise recently in malicious attacks against Israeli targets by pro-Iranian or pro-Palestinian hackers using Telegram.
"The fact that these attacks are reported at a high pace, in close intervals to other security events, shows that the central purpose of the attackers is to create a resonance around these attacks," the company said.
"Although the information exists there, it does not necessarily match their claims, there is no doubt that there are things here that should not happen. From embarrassing information to long records of names, birth dates, passwords, and phone numbers - these are tools that in the digital era are worth a lot to hackers."