Cyber Incident Victim: Waltham Forest
Date:
Jun 2023
Location:
United Kingdom
Summary
A secondary school in Waltham Forest experienced a critical cyber incident resulting in unauthorized access to substantial personal data and system disruptions, forcing a partial closure. The attack compromised IT infrastructure, including WiFi and phone systems, and rendered the mandatory single central record—containing staff vetting details—inaccessible, legally preventing full operations. While GCSE students attended in person, other pupils shifted to remote learning. The institution engaged a private IT consultancy, alerted law enforcement, the Information Commissioner’s Office, and the National Cyber Security Centre, and advised parents to reset credentials for school platforms. Local authorities collaborated with the school to assess impacts, support recovery, and investigate the breach, prioritizing student and staff safety alongside restoration efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Leytonstone School in Waltham Forest experienced a critical IT incident around June 1, 2023, forcing a partial closure immediately following the half-term break. The cyber attack compromised the school’s IT systems, rendering its WiFi and telephone services inoperable and preventing access to the legally mandated single central record—a document containing staff vetting details and safeguarding information. Headteacher Jessica McQuaid confirmed the school could not legally operate without this record, necessitating remote learning for all non-GCSE students while only exam-year pupils attended in person. A significant amount of personal data held by the school was accessed during the breach, though specific data types or volumes were not disclosed. The school engaged a private IT consultancy to manage recovery efforts and reported the incident to the Metropolitan Police, the Information Commissioner’s Office (ICO), and the National Cyber Security Centre (NCSC). Staff initiated recreation of the single central record, but full reopening was delayed beyond the immediate week following the attack.
The incident disrupted education for approximately 800 students, compounding prior learning interruptions from COVID-19 and strikes. Parents were advised to reset passwords for school-linked platforms like ParentPay and Google Classroom as a precaution. Waltham Forest Council’s Cabinet Member for Children and Young People, Alistair Strathern, stated the council was collaborating with the school to assess the breach’s full impact and prioritize student and staff safety. The ICO acknowledged the school’s report and opened an inquiry, while the school maintained direct communication with families regarding recovery progress. No ransom demands or threat actor claims were cited in available reports. Operational impacts included prolonged reliance on remote learning tools despite compromised account security, with no confirmed timeline for full system restoration or data exposure mitigation beyond initial password resets.