Cyber attack on Tanbridge House School in Sussex locks staff and students out of their systems

The Tanbridge House School in Horsham suffered a cyber attack that enabled hackers to lock staff out of their computer systems and access stored information.

Mark Sheridan, the school’s head teacher, said in a notice that the school has identified “malicious access of our school computer systems from an outside party”. The school immediately launched an investigation involving third-party IT security experts to understand the scope of the security incident.

“This incident continues to be fully investigated by our external IT security team. They have told us that while the hackers managed to gain access and lock us out of all of our systems, no evidence has been found of any breach of data or compromise of sensitive information,” Sheridan said.

“IT security staff were quickly on site to shut down our computer systems and we reported the incident to the Information Commissioner’s Office, who have given us the advice we are now following,” Sheridan continued.

Tanbridge House School has started notifying all affected individuals about the security incident that impacted the normal operations of the school. The institution is in the process of recovering from the cyber attack and is reconfiguring its computers.

“While this has had a big impact on the normal running of our school this week, our IT team has been busy building an enhanced, secure system for students and staff to use. Over 300 computers have been reconfigured already. This process will be ongoing and continue over the weekend.

“We will be issuing new login details to all students and staff from Monday, March 20, and we hope to be fully back up and running early next week. Please be assured that the school will continue to implement the strongest cyber security measures possible to prevent malicious attacks such as these in the future,” Sheridan added.

Last week, the UK’s largest co-educational state boarding and day school Wymondham College suffered a cyber attack that affected its daily operations. Jonathan Taylor, the chief executive of the institution’s parent company, Sapientia Education Trust, said that the incident affected several systems as well as access to some files and resources, but no data breach occurred. He added that the school had not received a ransom demand at the time of reporting.

Erfan Shadabi, Cybersecurity Expert at comforte AG, says that schools are becoming more dependent on a computing infrastructure to support their daily functions, and they also hold a vast amount of sensitive information. This makes them viable targets for cybercriminals who might hold data for ransom, steal and sell it, or aim to cause disruption.

"The three ransomware attacks on schools in West Sussex in the last week underscore a harsh reality that every enterprise must confront: a ransomware attack isn’t just a remote possibility but rather a likely imminent event. It is crucial that institutions prepare for this eventuality.

"Educational institutions need to understand that they are high-profile targets, and they need to assume that a cyberattack is imminent. With that in mind, they need to invest in a dynamic security awareness training programme for both faculty and students so they can better identify security risks such as phishing emails and suspicious links," he adds.