Posted on March 19, 2023 at 2:53 PM
Schools in West Sussex have become victims of malicious hacking campaigns to disrupt normal operations. A recent cyber-attack at Tanbridge House School was reported this week. Education centers are usually major targets in hacking attacks, but in the recent exploit, the head of the school has said that sensitive information was not stolen.
Horsham school targeted by cyber attack
Over the past week, there have been several attacks on schools in West Sussex, and the recent exploit marks the third on schools in the region. Two schools in Chichester have also been targeted by ransomware attacks, with the hackers demanding payment.
One of the schools targeted by the ransomware attacks is Bishop Luffa. The institution noted that threat actors had accessed a large volume of sensitive data. The hackers were holding this data at ransom, but the school said that it was not in a position to meet the payment demands by the threat actors responsible.
Tanbridge House School has become the latest victim of these increased hacking attacks. However, the school’s headteacher, Mark Sheridan, said the exploit did not compromise sensitive information.
Tanbridge House School has already alerted the stakeholders about this exploit. The school sent letters to parents this week informing them that its computer systems were hacked. In the letters, the school said that the exploit had a significant effect on the normal running of the school during the week.
Tanbridge House School sent a letter to parents this week saying that hacking of its systems had had “a big impact on the normal running of the school this week” but that computers were being reconfigured.
In the letter, the school headteacher also said that the malicious access to its computer systems was done by an outside party. He added that the exploit was being investigated by cybersecurity experts, who informed the school administration that it had been locked out of its systems.
“This incident continues to be fully investigated by our external IT security team. They have told us that while the hackers managed to gain access and lock us out of all our systems, no evidence has been found of any data breach or compromise of sensitive information,” Sheridan said.
School used IT security staff
The headteacher also added that the school engaged the services of cybersecurity experts as soon as the breach was detected. According to Sheridan, IT security staff shut down the school’s computer systems and reported the matter to the Information Commissioner’s Office (ICO). The ICO later informed the company of the measures that needed to be taken to mitigate the effects of the breach, adding that the school was already implementing these measures.
“While this has had a big impact on the normal running of our school this week, our IT team have been busy building an enhanced, secure system for students and staff to use. Over 300 computers have been reconfigured already. This process will be ongoing and continued over the weekend,” Sheridan said.
The school has also announced plans to give out fresh online details to its stakeholders. It said it would issue new login details to all the students and staff starting March 20. The school is also optimistic that normalcy will be restored and that it will be fully up and running by as early as next week.
Sheridan has also assured that the school will adopt the best cybersecurity measures to ensure that similar hacking attacks do not happen. Such measures might include investing in the best security systems to detect and mitigate exploits before they happen. Such measures will ensure that the school’s operations are not disrupted in the future if it is targeted again.
The headteacher has also applauded the entire school community for standing together despite the critical threat posed by the hackers. The school has also noted that some parents volunteered their services and support, and they managed to mitigate the effects of this breach.
However, in the statement, Sheridan did not reveal whether the school had contacted law enforcement authorities to discuss the matter. In case of a hacking attack, an institution must reach out to law enforcement authorities to help understand the best path forward and identify whether the authorities will help determine the threat actors behind the exploit.
Schools are usually top targets for cybersecurity attacks because of the sensitive nature of the information stored by these institutions. The increase in hacking attacks targeting schools in Wessex calls for more vigilance.