Cyber attack leaves London pupils without email access

Ransomware attack on Harris Federation cripples email access for 40,000 students

A ransomware attack has left 37,000 pupils in London and the South East of England without access to their emails.

The Harris Federation, which is based in Croydon and operates 48 primary and secondary academies, reported the crippling attack over the weekend.

Three other multi-academy trusts have been plagued by similar attacks this month, a trend that led the UK National Cyber Security Centre (NCSC) to warn about such incidents last week.

The organisation has shut down its email systems and VoIP telephone systems and students have been left unable to use devices, such as laptops, procured by the organisation.

The National Crime Agency (NCA) and the National Cyber Security Centre (NCSC) are investigating the attack, described by the Harris Federation as “highly sophisticated”. At the time of writing the perpetrator is unknown.

“We know that some families will have important individual concerns around data and that in these cases you will want to know more about the nature of the attack,” the trust said in a statement.

“Because we do not want to risk providing incorrect information, we will communicate further once we have clarity and liaise as appropriate with the Information Commissioner’s Office [ICO].”

‘Alarm bell’

Adam Bangle, VP EMEA at BlackBerry said the attack should be “an alarm bell for the public sector and a demonstration of the need to secure each and every endpoint.”

“The news of the attack on the Harris Federation comes on the heels of last week’s warning from the NCSC of the growing threat to the education sector posed by cybercrime and ransomware in particular.”

“To ensure the continuity of education, especially in the context of remote learning, we encourage the government to consider the impact on individuals’ wellbeing and ensure security, productivity and user experience.”

“If these devices become infected with a virus or malware, they can expose sensitive personal information that students share during the learning process.”