Cyber Incident Victim: Brockington College
Date:
Feb 2024
Location:
United Kingdom
Summary
A cyber attack on Brockington College and its affiliated multi-academy trust involved hackers remotely controlling staff computers, prompting an immediate system-wide shutdown across nine schools. The incident disrupted operations by forcing manual processes for pupil registers, fire safety, and cafeteria payments, leading to prolonged lunch queues and canceled lessons. Library records became inaccessible, resulting in overdue book tracking issues, while homework management systems remained partially offline months later. The attack exemplified rising ransomware threats targeting educational institutions, compromising sensitive data and demanding ransoms. School leaders highlighted insufficient preparedness for such incidents amid growing reliance on technology and constrained cybersecurity budgets, emphasizing the broader sector-wide challenge of defending against increasingly sophisticated criminal tactics.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The cyber incident at Brockington College, part of the Embrace Multi-Academy Trust in Leicester, began just before Easter 2024 when staff members observed unauthorized remote activity during morning logins. Employees reported mouse cursors moving independently across their screens, with files already opened on their computers without their intervention. Trust CEO Sharon Mullins described the intrusion as "sinister" and within 30 minutes ordered all nine schools in the trust to disconnect from their network systems. This immediate containment measure forced teachers to abandon digital lesson plans and revert to paper-based operations for critical functions including pupil registration, fire safety protocols, and administrative record-keeping. The attack disabled the school's catering payment systems, requiring staff to manually record lunch purchases during extended queues that doubled in length, with Year 10 pupil Archie noting some students couldn't obtain desired meals due to processing delays.
School librarian Elizabeth Elliott faced operational challenges tracking over 100 overdue books after losing access to digital records, while Year 9 student Isaac reported persistent homework disruptions two months post-incident due to incomplete restoration of educational apps. Trust staff worked continuously through the holiday period to restore systems securely, though full functionality remained incomplete weeks later. The incident occurred amid a 55% annual increase in reported cyber attacks across UK educational institutions, with ransomware incidents specifically rising by 170% sector-wide according to ICO data. While the attackers' specific methodology wasn't detailed beyond the visible remote access, the broader context included organized criminal gangs targeting schools for financial gain through data theft and extortion. The Department for Education confirmed availability of incident response support, while Trust leadership emphasized the sector's inadequate preparedness for such threats despite growing reliance on operational technology systems.