InfoSec / Cyber

Cyber attack written in computer text on a computer in red

Cyber Attack: Leytonstone School

This article is about a recent cyber attack on Leytonstone School.  The school in Waltham Forest has been closed since half term after it was targeted and a significant amount of personal data was accessed.

The school is still closed to all pupils other than those taking their GCSEs because the school currently does not have a single central record (SCR), sometimes referred to as a single central register.  An SCR is a statutory requirement for all schools and academies in England and Wales to keep and maintain one single record of pre-appointment vetting checks, regulated activity and recording information of all staff. The record is normally kept up to date by a member of the admin staff, but overall responsibility lies with governors (or equivalent) and delegated to headteachers.  It is an essential safeguarding document and must be maintained, reviewed and audited on a regular basis.  It will probably be one of the first documents that Ofsted will ask to see.  Any guidance relating to the SCR should also be read in conjunction with the current version of the Keeping Children Safe in Education (KCSIE) document.

There is no defined format for the SCR and most schools hold it electronically as a password protected Excel document.  As well as employees, it should also include:
  • any volunteer who is in regulated activity
  • people brought into the school to provide regular additional teaching or instruction but who are employed by another organisation such as peripatetic music teachers, sports coaches etc.
  • supply teachers
  • contract staff such as cleaners or caterers
  • Governors
  • Members of the proprietor body (trustees or directors) in independent schools including academies
As a result of the cyber attack at Leytonstone School there is also no WiFi and phone system, but it is the missing SCR that prevents the school from opening.  Our advice would be to always ensure there are secure offsite (cloud) backups of essential files, in addition to local backups.  The security of the SCR should be part of the school's business plan which should be discussed regularly at governing body meetings.  Review:  alongside Governors and Data Best Practice Area to understand how governor responsibilities relate to business continuity and cyber strategy.

View our Information & Cyber Security Best Practice Library for cyber help and guidance.

Download our Business Continuity Template.

We would also recommend viewing the National Cyber Security's pages that provide cyber security advice for schools, which includes free training: NCSC Cyber Security training for schools.
We provide additional Cyber Security Training: How to avoid a data breach: Information and Cyber security.

Further details about what has happened at the school can be viewed in this article by the Evening Standard: Leytonstone School forced to close after IT system hacked.

What to do in the event of a cyber attack?

Tell someone!  Report to IT. Report to SLT. 

Unplug the computer from the internet by removing the ethernet cable or turning the Wi-Fi off.

If you are a victim of a ransomware attack we would recommend reporting this to Action Fraud: as well as your data protection officer so they can advise about the data loss.  Most cyber crimes like these will also need to be reported to the ICO by your data protection officer.

Isolate the infected device and pass to IT 

Always ensure there are backups you can restore from.

Little Guide to ACTION FRAUD