Cyber Incident Victim: Leytonstone School

On or around May 26, 2023, Leytonstone School in Waltham Forest experienced a critical IT incident that was later identified as a cyber attack. The incident occurred during the school's half-term break, leading to an immediate and extended closure of the 800-pupil secondary school. The attack compromised the school's IT infrastructure, rendering its Wi-Fi and telephone systems inoperable. A significant amount of personal data held by the school was accessed by the attackers during the breach. The school's leadership, including headteacher Jessica McQuaid, was forced to keep the school closed following the half-term break because a crucial document known as the single central record was rendered inaccessible due to the attack. This document contains all information and vetting checks for all staff members, and it is illegal for a school to operate without it being available.

The immediate impact of the incident was a severe disruption to education. Only pupils scheduled to take GCSE examinations were permitted to attend the school in person. All other year groups were required to remain at home and engage in remote learning while the school worked to resolve the issues. Headteacher Jessica McQuaid communicated directly with parents via a letter, expressing her devastation that the IT incident had impacted the start of the new half-term for pupils and apologizing for the short notice of the continued closure. The school advised parents to change the passwords they used for all school-related sites, such as ParentPay and Google Classroom, as a precautionary measure following the breach of personal data.

In response to the attack, Leytonstone School engaged a private IT consultancy firm to manage the recovery and investigation into the cyber attack. The school also formally notified several external authorities, including the police, the Information Commissioner's Office (ICO), and the National Cyber Security Centre (NCSC). This reporting was due to the confirmed access of a significant amount of personal information data. An ICO spokeswoman confirmed that the school had reported the incident and that the office was making enquiries. The school initiated the laborious process of creating a new single central record from scratch to replace the one that had been made inaccessible, a task that required manually reconstructing staff vetting and information records.

The local government authority, Waltham Forest Council, became involved in the response. Councillor Alistair Strathern, the Cabinet Member for Children and Young People, stated that the council was working with the school to understand the full impact of the incident. He emphasized that the safety and wellbeing of students, their families, and staff was the top concern and that the council was supporting school leaders to reopen to pupils safely as soon as possible. The school committed to conducting a thorough review to understand exactly what had occurred, with the council pledging support for this investigation. The school maintained regular contact with parents, promising to continue sharing information with them as updates became available.

The consequences of the attack extended beyond immediate IT system downtime and involved significant data protection implications due to the access of personal information. The school's inability to open fully caused considerable inconvenience for families, with one parent noting the particular frustration for children after previous disruptions to learning from the COVID-19 pandemic and teacher strike action. The financial and operational costs of hiring a private IT consultancy and the administrative burden of recreating critical documentation like the single central record represented a substantial resource drain on the school. The incident remained under investigation by multiple parties, including the school itself, the private IT consultants, the ICO, and the police, to determine the full scope of the data breach and the methods used in the attack.