View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 22, 2022

Six UK schools hit by cyberattack on multi-academy trust

A cyberattack has hit six UK schools after the network of a multi-academy trust covering 4,500 pupils was breached.

By Matthew Gooding

A cyberattack on a multi-academy trust which runs schools serving 4,500 pupils has left staff without access to digital systems for more than a week, Tech Monitor understands.

The Scholars’ Education Trust suffered the breach last week, and at the time of writing many of its internal systems remain offline. The trust runs six schools in Hertfordshire – Buntingford First School, Harpenden Academy, Priory Academy, Robert Barclay Academy, Samuel Ryder Academy and Sir John Lawes School.

A message has been posted on the websites of schools in the trust referring to a ‘serious IT issue’.

A notice posted on the websites of all the schools in the trust on Tuesday states it is suffering from the effects of a “serious IT issue”.

“We are currently experiencing difficulty in sending and receiving emails,” the notice says. Please contact the school by telephone should you have an urgent message.”

It is not known if any personal data of students or staff has been stolen in the breach, or whether the hackers have issued a ransom demand.

Tech Monitor has approached Scholars’ Education Trust for comment on the incident.

Cyberattacks on UK schools are a growing problem

Education providers have become a popular target for cybercriminals in the wake of the Covid-19 pandemic. According to Verizon’s 2022 Data Breach Investigations report, there were more than 1,200 reported attacks on education providers in the year to 13 October 2021. This makes education the fifth most commonly targeted business sector for hackers.

Content from our partners
Powering AI’s potential: turning promise into reality
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline

UK institutions have been targeted by hackers, and last month Tech Monitor reported that the Hive ransomware gang had demanded £500,000 from two sixth-form colleges in Bedfordshire, threatening to leak personal information of children if the colleges did not pay.

The National Cyber Security Centre (NCSC) noted a rise in the number of cyberattacks on schools last year, with a spate of ransomware attacks reported.

This led to the NCSC updating its guidance to schools, universities and other education organisations about how to prevent attacks and how to deal with the aftermath of a breach. It also urges organisations sign-up to its early warning system, which tracks malicious activity on networks around the country.

Paul Chichester, the NCSC's director of operations, said at the time: “This is a growing threat and we strongly encourage schools, colleges, and universities to act on our guidance and help ensure their students can continue their education uninterrupted.

“We are committed to ensuring the UK education sector is resilient against cyber threats, and have published practical resources to help establishments improve their cyber security and response to cyber incidents.”

Read more: Cybercriminals have education in their sights

Homepage image courtesy Monkey Business Images/Shutterstock

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.