Classes cancelled as 'sinister' school cyber-attacks rise (2024)

Published

10 May 2024

Cancelled lessons and snaking lunchtime queues are among the ways pupils are being affected by an increasing number of cyber attacks on schools.

New figures from the Information Commissioner's Office, external (ICO) show 347 cyber incidents were reported in the education and childcare sector in 2023 - an increase of 55% on 2022.

Government data, external suggests most schools and colleges have identified a cyber-security breach in the past year.

Some tell BBC News it has led to temporary closures and weeks of disruption.

The Department for Education (DfE) says it has a dedicated response team available to advise schools when that happens.

Two school trusts in the East Midlands were targeted in separate attacks within days of each other earlier this year.

Embrace Multi-Academy Trust CEO Sharon Mullins says her schools are still feeling the effects of the attack, which happened just before Easter.

Staff at Brockington College, in Leicester, were first alerted to the breach when they saw their mouse cursors moving remotely across their screens, with files already open on the computers, when they first logged on at the start of the school day.

"The whole thing feels very sinister," Ms Mullins said.

Within 30 minutes, she had ordered all of the trust's nine schools to take all of their systems offline.

"You're basically telling every teacher across the trust that whatever they had planned that day, they can no longer teach with immediate effect," she said.

Suddenly, everything from pupil registers to fire safety had to be done on paper, as staff worked day and night over the holidays to get the systems back online safely.

Brockington's school librarian Elizabeth Elliott says she is now chasing more than 100 overdue books after losing access to her online records.

Even the school's catering facilities were affected, with the computer systems responsible for taking payments for school lunches also taken offline.

Year 10 pupil Archie said the length of the lunch queues doubled overnight.

"Teachers had to write down everyone's name and what they got, all the prices," he said.

"It took about double the time to get through everyone and some people didn't get the food they wanted because break-time just wasn't long enough."

Isaac, in Year 9, says his homework is still affected two months on from the attack, as the app they use is not yet fully back online.

"There was just so much we couldn't do," he said.

"All in all it just made everything more difficult to work around."

The type of cyber attack which increased most across all sectors between the end of 2022 and 2023, according to the ICO, was ransomware, incidents of which increased by 170%.

During a ransomware attack, hackers block access to a school's computer records, including sensitive personal data, and demand money while threatening to publish them online.

Often the attacks are committed by organised criminal gangs based in foreign countries.

One such attack, identified by the BBC in the south-west of England at the start of last year, saw hackers steal and publish several highly confidential documents, including information about children with special educational needs, child passport scans and staff contract details.

Ms Mullins now says she wants school leaders to talk more openly about how to deal with such incidents.

"My opinion is that multi-academy trust leaders and school head teachers aren't talking about this enough," she said.

"Taking pupil data, school data that is quite personal, and then sending a ransom message for it is definitely something we're not fully trained for when you start your career - but you certainly need to know about it."

A few miles away, in South Derbyshire, the de Ferrers Trust was targeted by a near-simultaneous but separate cyber attack which forced two of its schools to close.

They were the subject of a "brute force" attack, where hackers make repeated attempts to crack passwords or login credentials.

Trust CEO Kathy Hardy likened the method to "a car thief going down the road and trying door handles, and getting lucky".

Both Granville Academy and the Pingle Academy, in Swadlincote, had to remain closed for an extra day after the Easter break while all the systems were brought back online.

"You don't realise how much you rely on the technology in terms of the systems it affects," Granville Academy head Michelle Oliphant said.

"It makes me very angry because there are a lot of pressures on the education system at the moment and this is an unnecessary hindrance that impacts on students and that's really unfair."

Paul Alberry, CEO of Secure Schools, said the concept of managing cyber-security risk is fairly new to most schools.

"IT teams have not had to operate and defend to this level before," he said.

"Schools are increasingly reliant on tech to process the data that they need to be operational - and sometimes that's as crucial as keeping the doors open and keeping children safe."

He said school leadership teams, as well as specialist IT staff, should all be involved and be familiar with what to do in the event of a cyber attack.

But stretched school budgets limit how much trusts can invest in cyber-security defences to keep hackers out, he said.

A DfE spokesperson said the government was increasing school funding to "the highest level ever in real terms per pupil, to support school leaders to meet their costs".

An ICO spokesperson said their data suggests that cyber threats are increasing year on year but said they had "a wealth of free advice and resources" available to support schools with keeping their systems secure.

Similar resources are available on the National Cyber Security Centre's webpage for schools, external.

Related Topics