Threat Intelligence
Essential Reading
Ransomware Attacks on Schools and Universities
Harris Federation: ransomware took 50 schools offline for weeks in April 2021. Lincoln College cited ransomware as a contributing factor to its permanent closure in 2022.
Phishing Targeting School Staff and Students
JISC identifies phishing as the dominant initial access vector for cyberattacks on UK universities and colleges — credential theft from staff accounts is the most common entry point.
Education Data Breaches
Pearson fined by SEC in 2021 for a breach affecting UK school student data — and for misleading investors. Hackney Council ransomware 2020 affected pupil records across borough schools.
Further Reading
Business Email Compromise and Invoice Fraud Targeting Schools and Multi-Academy Trusts
UK schools and MATs have lost tens of thousands of pounds to BEC fraud — finance officers are targeted with urgent payment requests impersonating senior leaders and suppliers.
EdTech Supply Chain Attacks
MOVEit vulnerability 2023: universities globally had data exfiltrated via a trusted file transfer platform they did not directly control. Capita breach 2023 affected University Superannuation Scheme (USS).