Cyber Incident Victim: St. Mary's Catholic Academy

In February 2018, it was discovered that hackers had breached the CCTV systems of St. Mary’s Catholic Academy in Blackpool, along with three other unidentified British schools, exposing live footage of students and staff to public viewing online. The compromised cameras—eight at St. Mary’s—covered playgrounds, entrances, internal corridors, and provided views of the adjacent Christ The King Academy Primary School. Real-time footage accessible via a U.S.-registered website included children leaving classrooms, parents collecting infants, and older students, teachers, and sixth-formers moving through shared spaces. The breach occurred because the cameras lacked password protection, allowing unauthorized global access to the feeds. The streaming site explicitly stated it only featured cameras without proper security measures, denying active hacking while exploiting this vulnerability.

Upon identifying the exposure, St. Mary’s and another affected institution, Highfield, immediately strengthened their CCTV passwords, successfully removing their cameras from the unauthorized site. Jeremy Hartley of the Eric Wright Group, which managed systems for two schools, confirmed that feeds were taken offline instantly, with experts deployed to investigate the breach’s cause. The incident highlighted risks beyond St. Mary’s, as the same website broadcast footage from hundreds of unsecured locations, including an unnamed South-East school where cameras captured students, teachers, and cleaners near distinctive purple, white, and grey lockers. The Information Commissioner’s Office initiated an inquiry into the cases, while a Big Brother Watch report contextualized the breach by revealing over 200 UK schools used surveillance cameras in toilets, amplifying privacy concerns. No further technical details about the attackers or long-term impacts on the schools were disclosed in available reports.