Schools and Cyber
On 4th June 2021, the National Cyber Security Centre (NCSC) alerted organisations about an increase in the number of cyberattacks aimed at schools, colleges and universities. The NCSC advised that such incidents could lead to the loss of student coursework, unauthorised access to the institution’s financial records, as well as data relating to COVID-19 testing being compromised.
The University of Sunderland has become the most recent victim of a major cyberattack that has stalled its operations for weeks. The cyberattack has resulted in telephones, websites and IT systems being unavailable for several days. It was alarming to see the amount of time it took for the university to reinstate its systems and recover from the cyberattack. Almost a month after the attack, the University is still to assess the amount of data compromised and the impact of the cyberattack.
It is difficult to assess the financial impact of this cyberattack as the matter is still under investigation. However, the university has confirmed that it was a ransomware attack where its IT systems were being locked by the hackers and the data held hostage in return for a ransom payment to restore the system. Looking at the scale and length of the attack, it is anticipated that the recovery and/or ransomware must have resulted in a huge financial setback to the University. There has been an increase in the number of attacks against educational institutions recently. One of the reasons behind that is the amount of personal data held by educational institutions and the relative underinvestment in cybersecurity and data protection making educational institutions an easy and lucrative target for cyber-crime and data theft.
If this article makes you reconsider your institution’s strategy in data protection, please contact us.
This update is for general purposes and guidance only and does not constitute legal or professional advice. You should seek legal advice before relying on its content. This update relates to the prevailing circumstances at the date of its original publication and may not have been updated to reflect subsequent developments. If you have general queries about our updates, please email: firstname.lastname@example.org