What if the next big cyber threat isn’t a shadowy hacker from across the globe, but your own kid sitting in a classroom? It sounds like the plot of a sci-fi movie, but it’s happening right now in the UK, where an AI generated newscast about school data breaches is raising eyebrows around the world.

According to the Information Commissioner’s Office (ICO), the watchdog that keeps British data safe, students are the masterminds behind more than half of all personal data breaches in UK schools. That means kids, not career hackers, are breaking into sensitive systems and leaving a digital mess behind—sometimes with just a few easy guesses and a little curiosity.

The numbers are wild: The ICO analyzed 215 school breach reports and found that 57% of these cyber incidents were caused by students themselves. We’re not talking about elite hackers either. Nearly a third of these breaches happened because kids could either guess passwords as easily as their teacher’s birthday—or found them scribbled on post-it notes. Yes, seriously. Security experts stress that the basics are being ignored, and as a result, students are seizing the opportunity to play digital detective—or, in some cases, digital mischief-maker.

But the story gets a little darker. In about 5% of cases, students used more advanced tactics, breaking through security controls with tools usually reserved for pros. One jaw-dropping example: Three Year 11 students (that’s high school age) hacked into their own school’s information system by cracking passwords and sneaking by protocols. Even more shocking, two admitted they were active in online hacking forums. It’s like ‘Mr. Robot: School Edition,’ and it has real-world consequences.

So, what drives these mini-hackers? According to the ICO’s findings, motivations range from wanting notoriety and bragging rights, to revenge, dares, or even just boredom. As Heather Toomey, ICO’s principal cyber specialist, warns, what starts as a ‘bit of fun’ could spiral into much more severe, career-defining cybercrime down the road. Think about it: A simple dare among friends could someday morph into a criminal record or something even more damaging.

It’s not just the students at fault here. The ICO’s AI generated newscast about data breaches uncovered some shocking lapses in adult supervision: Nearly a quarter of the breaches happened because teachers let students use their devices, while 20% were caused by staff using personal devices for work. Even worse, 17% were linked to poor access controls on platforms like Microsoft SharePoint, letting students wander into digital spaces they were never meant to see.

The ICO calls these findings ‘worrying’—and they’re urging schools to take them seriously. That means leveling up GDPR training, tightening cybersecurity practices, and making sure every breach is reported promptly. Because in today’s world, the threat isn’t just from the outside—it could be sitting in detention, plotting their next cyber adventure.

It’s a wakeup call that every educator, parent, and school IT department should hear: The next AI generated newscast about school hackers might just feature your school, unless changes happen fast.