A London secondary school has fallen victim to a cyberattack, resulting in a significant amount of personal data being accessed. Leytonstone School has been shut temporarily as a result of the attack, and the incident highlights that educational institutions remain a popular target for criminals.

Students are being allowed to sit exams at Leytonstone School, but all other pupils are having to work remotely after a cyberattack (photo by Monkey Business Images/Shutterstock)

The 800 pupils at the school located in Waltham Forest, North East London, are having to take classes remotely until the school is able to reopen.

Cyberattack on Leytonstone School disrupts classes

The school has been closed since last week’s half term holiday as a result of the attack. Children have been forced to continue their learning from home, but students currently sitting their GCSEs have been allowed to take their exams within the school grounds.

The attack has led to a significant amount of personal data being accessed, the London Evening Standard reports. The school’s WiFi has also been knocked offline and its phone systems are not working.

No criminal gang has yet claimed responsibility for the attack.

The main reason the school cannot open is that a document called a “single central record” is inaccessible. This document contains information and vetting checks on all staff. 

In a letter to parents of the school’s pupils, the head teacher, Jessica McQuaid, explained that it is illegal for the school to open without this document being in place. Staff are in the processes of recreating the document, but the school is expected to remain closed for the rest of the week.

McQuaid said in a letter to parents seen by the Evening Standard: “I am incredibly sorry for the short notice but it is illegal for schools to open without this document in place. I am devastated that this IT incident has taken place and impacted the start of the half term for pupils.”

The school has contacted the National Cyber Security Centre and data regulator the Information Commissioner’s Office (ICO) to aid them in recovery, advising parents to change their passwords for any school accounts such as Google Classroom and ParentPay.

A spokesperson for the ICO said: “Leytonstone School has reported an incident to us and we are making enquiries.”

Schools are a common target for cybercriminals. Last August the ransomware gang Hive demanded £500,000 from two sixth-form colleges in Bedfordshire, which make up the Wootton Academy Trust, after a cyberattack, where they threatened to leak stolen data online.

The cybercrime group actually contacted the pupils’ parents, warning that their children’s personal information would be published if the trust did not pay up.

In September of last year, the ransomware gang Vice Society claimed an attack on a multi-academy trust holding six schools, serving 4,500 pupils. The attack on the Scholar’s Education Trust left staff without access to internal systems including email and data from one of the schools ended up being illegally posted online.

Speaking to Tech Monitor in August, Brian Higgins, security specialist at cybersecurity platform Comparitech, said the sensitive nature of data held by schools means it is a magnet for criminals. The consequences of a breach can be severe, he said.

“Unfortunately, there is a long list of things that criminals can do with the types of information contained in these leaks, from direct contact [with the victims] to targeted phishing campaigns,” Higgins explained.

“Young people’s details are particularly popular with organised crime gangs for setting up things like bank accounts, as they are less likely to be discovered since the victims probably haven’t done that themselves yet.”