Cyber Incident Victim: NPTC Group of Colleges

On December 28, 2022, NPTC Group of Colleges detected suspicious activity on its IT network, leading to the discovery of a criminal cyber-attack. The institution immediately engaged JISC, its network provider and monitoring service, whose cybersecurity consultants activated a predefined critical incident plan developed from their experience handling over 30 comparable incidents. The college notified law enforcement authorities, including the Police and Action Fraud, the UK’s national fraud and cybercrime reporting center, and provided investigative support. The Information Commissioner’s Office (ICO) was also informed due to potential data protection implications. Investigations remained ongoing as of January 6, 2023, with the ICO advising concerned individuals to register with CIFAS, a fraud prevention service, to mitigate risks from potential identity theft stemming from the breach. The attack disrupted college systems and services, forcing operations onto limited functionality while restoration efforts continued.

The incident’s operational impacts included modifications to academic and administrative processes. While most scheduled exams proceeded, those previously conducted online shifted to paper-based formats. January course enrollments transitioned to in-person sessions starting January 10, 2023, with specific weekday hours and adjusted open evening schedules at Brecon Beacons College, Afan College, Newtown College, and Neath College on January 16 and 17. The college maintained its planned open evenings despite the disruption, emphasizing vigilance against suspicious communications via email, text, or phone. Daily updates were provided as investigations progressed, with inquiries directed to a designated email address. Acting CEO Catherine Lewis confirmed the institution’s reopening on January 9, 2023, under restricted systems, while recovery work continued.