Kids are making a mark in the U.K.’s cybersecurity arena, and not in the way their parents want them to. According to the country’s Information Commissioner’s Office (ICO), students were behind more than half of personal data breaches in schools.

In a warning to teachers and educational institutions, the ICO outlined its analysis of 215 data breach reports resulting from security incidents originating from inside schools, finding that 57% of the hacks were pulled off by students.

Nearly a third of the breaches were made possible because students guessed commonly-used passwords, or just found login details written down, per the ICO.

The ICO did say, however, that a small number of incidents (5%) required more sophisticated techniques to bypass security and network controls. The regulator gave an example of how three Year 11 students hacked into a school’s student information system using tools to break passwords and bypass security protocols; two of the students even confessed to being part of a hacking forum.