Cyber Incident Victim: Saint Cecilia’s Church of England School

Saint Cecilia’s Church of England School experienced a ransomware attack during the Easter holidays, which compromised its server and central Management Information System. The attack was described as organised and targeted, leading the school to proactively shut down its IT network to contain the incident. On Wednesday, April 17, 2024, the school notified its community via letter about the breach and subsequent network disruption. A formal Data Breach Statement followed on April 18, providing additional guidance, though specific details of compromised data were not disclosed in the public update. By Friday, April 19, the school confirmed the attack’s impact persisted, with IT systems remaining offline and recovery efforts ongoing.

The incident significantly disrupted school operations, particularly phone and email communications, which remained nonfunctional as of the April 19 update. Emergency Contact Forms were distributed to students for manual completion and return to mentors or Reception, indicating a temporary shift to paper-based processes to maintain critical communications. Despite the IT outage, the school confirmed that GCSE Art and Textiles examinations would proceed as scheduled on April 23 and 24, demonstrating prioritized continuity for academic assessments. Recovery timelines were unspecified, with the school acknowledging the prolonged disruption and urging patience while updates were provided exclusively through its website. No details regarding the attackers’ identity, ransom demands, or data restoration methods were disclosed in the available statement.