It's one thing for people to have their own passwords pwned. It's quite another when someone breaks in via support people's accounts. This is why you don't host your email on other people's servers without end-to-end encryption.
This is why no public institution (school, hospital...) should use cloud services, whatever the term of services.
Since it's public institution I'm not sure why it's all not freely available to begin with, other than FERPA. On the bright side they also pushed a new 2FA program pretty aggressively (aka actually require it ;)) so hopefully much of what's reachable via those credentials is okay.
A social network for the 19A0s.