Cyber Incident Victim: The Skinners' Kent Academy
Date:
Jun 2021
Location:
United Kingdom
Summary
A cyberattack targeted Skinners' Kent Academy and its affiliated primary school, involving sophisticated hackers who breached servers, stole data, and encrypted pupil information. The compromised systems prevented staff from accessing critical records, including emergency contacts, forcing temporary school closures. While officials indicated the attackers may not have accessed the core student management database, they encrypted stored data, rendering it unusable. The incident prompted warnings to parents about potential financial data exposure and advisories to notify banks. Authorities including the National Cyber Security Centre and police launched investigations, while the institution worked to reconfigure IT systems, restore data through parent recollections, and implement remote learning during recovery efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On or around June 2, 2021, hackers breached servers belonging to the Skinners' Kent Academy Trust, compromising two schools in Tunbridge Wells: Skinners' Kent Academy and Skinners' Kent Primary School. The attackers stole data and encrypted pupil information stored on the systems, rendering it inaccessible to staff. While the trust stated the hackers did not "appear" to have accessed the School Information Management System containing personal records for pupils, students, and staff, they confirmed the encryption of this critical data repository. This encryption prevented staff from retrieving vital operational information, including emergency contact details and other pupil records essential for daily school functions. By Monday, June 7, the loss of access to this data necessitated the closure of both schools. The trust publicly disclosed the incident, acknowledging they "cannot be sure" exactly what information the hackers obtained but warned that personal details might have been compromised. Parents were advised to notify their banks proactively about potential exposure of financial information.
The trust initiated multiple response measures following the breach. They engaged Action Fraud, the National Cyber Security Centre, local police, and their internal data protection company to investigate the incident, which they described as the work of "sophisticated" hackers. With emergency contact details encrypted, the trust began manually recollecting this critical information from parents to enable eventual reopening. Simultaneously, technicians worked to reconfigure school computer systems to restore staff access to teaching resources. Remote learning platforms were activated on Tuesday, June 8, to maintain educational continuity during the closure. Operational recovery efforts focused on two parallel tracks: rebuilding the compromised data infrastructure and manually restoring pupil records through parent outreach. No specific timeline for reopening was provided, though the trust emphasized working "incredibly hard" to resume in-person schooling as soon as possible.