In May 2026, Shottermill Junior School in Haslemere, Surrey became the latest UK primary school to fall victim to a ransomware attack. The LockBit 5.0 group officially listed the school as a victim on 9 June 2026, with threat intelligence monitors detecting the initial network infiltration as far back as 20 May 2026. This means the attackers had approximately three weeks of dwell time inside school systems before the attack became public

When a Multi-Academy Trust (MAT) accidentally leaks highly sensitive pupil data, it makes national headlines.

Earlier this year, we brought together schools and multi academy trusts from across the sector for a day focused on something that continues to challenge us all:  data protection in education.

The response was incredible.

On 4 June 2026, Powys County Council confirmed that a cyber security incident had resulted in the theft of personal data belonging to pupils, staff, and others connected to schools in mid-Wales. Thirteen schools were affected by the wider incident, with personal data specifically taken from at least one. The attack was first identified in April 2026 and, according to the council, was “quickly contained”, but not before

We present an article written by our Featured Guest Expert Ralph T O'Brien for our school and multi academy trust customers about the Data Use and Access Act where he breaks down what the latest legislative changes mean for the education sector.

📢 Thinking about your training for inset days in September? Then look no further and book onto our online training sessions.

ChatGPT, Gemini, Copilot and Data Protection

A Practical Guide for School Leaders and Data Protection Officers

This article combines guidance from the Guardians of Privacy series, produced by Data Protection Education in collaboration with Litus Digital, with urgent new advice issued in May 2026 following confirmed blackmail attempts against UK schools using AI-manipulated images of children. Key sources include the UK Safer Internet Centre (8 May 2026) and the Internet Watch Foundation.

Cyber attacks on schools are no longer a distant threat. The Department for Education (DfE) has just launched a dedicated Cyber Security Hub to help schools navigate this growing danger, and as a school leader, it's worth understanding exactly what it offers and why it matters.  If you were at our conference in February you were lucky enough to see a preview of the tool!

The Cyber Security Breaches Survey 2025/2026 was published on 30t April 2026 by DSIT and the Home Office.  We outline the current threat picture for schools.

What is this? A new law that came into force on 29 April 2026. It changes how schools, councils, health services and police work together to keep children safe. Several parts of it directly affect how schools handle children's information. Data Protection is now embedded within Safeguarding practice.

Navigating the entry requirements for educational settings can sometimes be confusing for both the school and the visitor.  To ensure a smooth, secure, and legally compliant process, it is essential to balance safeguarding requirements with data protection principles and DfE guidance.