Cyber Incident Victim: South and City College Birmingham
Date: Mar 2021
Location: United Kingdom
Summary
A UK college experienced a major ransomware attack that disabled core IT systems, forcing the closure of all campuses for one week and prompting a shift to online instruction. The incident disrupted operations and led to data exfiltration, with forensic specialists engaged to resolve the breach while students were directed to continue studies remotely. The institution notified relevant authorities, including the government and data protection regulators, amid ongoing system recovery efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around March 15, 2021, South and City College Birmingham experienced a disruptive ransomware attack that compromised its core IT infrastructure, forcing the immediate closure of all eight campuses. The college publicly announced the incident on March 15, characterizing it as a "major" cyber attack that disabled essential systems. This operational disruption necessitated a week-long shutdown of physical facilities starting March 15, with all instruction transitioning to online platforms for the duration. Students were instructed to access virtual lessons following the same protocols used during prior COVID-19 lockdowns, though the college acknowledged potential ongoing technical difficulties and advised contacting tutors directly for assistance. Prospective students facing application issues were redirected to email [email protected] as alternative channels while systems remained impaired.

The institution engaged computer forensic specialists to remediate the attack and restore systems, though no specific timeline for recovery was provided. Officials confirmed data exfiltration occurred during the incident but did not disclose the ransomware variant involved, data types compromised, or number of affected individuals. Regulatory notifications were made to both the UK government and the Information Commissioner’s Office in compliance with breach reporting obligations. No threat actor group was identified in available reporting. The campus closures and forced transition to remote learning represented significant operational impacts, with the college requesting patience from students and staff throughout the remediation period. No additional technical details regarding attack vectors, containment measures, or financial demands were disclosed in public statements.
