Cyber Incident Victim: Hope Sentamu Learning Trust
Date:
Jan 2023
Location:
United Kingdom
Summary
A ransomware attack targeted the Hope Sentamu Learning Trust, disrupting IT systems across multiple schools in York, Selby, Scarborough, and Hull. The trust proactively disabled certain systems as a precaution, with partial restoration achieved through strong backups, though some services remained offline during investigation and recovery efforts. No ransom demand was reported, and the organization affirmed it would not comply with such requests on principle. Collaboration with cybersecurity experts and authorities, including the Information Commissioner’s Office and police, was initiated to secure infrastructure and minimize operational disruptions while maintaining communication with affected stakeholders.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
A ransomware attack impacted Hope Sentamu Learning Trust, affecting its IT systems on or around January 1, 2023. The incident disrupted operations across 15 academies in York, Hull, Selby, and Scarborough, including Manor CE Academy, Vale of York Academy, Barlby High, Graham School, George Pindar School, Poppleton Ousebank Primary, Burton Green Primary, Forest of Galtres Anglican Methodist Primary, and Skelton Primary. Trust CEO Helen Winn confirmed in a January 9 letter to parents that hackers executed a ransomware attack targeting the trust's IT network, though no ransom demand had been received at the time of notification. Immediate response actions included disabling affected systems as a containment measure, with some systems already restored by January 9. The trust credited its rapid detection systems for alerting them to the compromise, enabling swift protective actions. Educational operations experienced temporary disruptions due to the forced system outages, though specific instructional impacts weren't detailed in public communications.
Technical recovery efforts focused on restoring systems from backups, which the trust described as sufficiently robust to support full recovery expectations. Ongoing investigative and protective measures required keeping certain systems offline beyond January 9 as a precaution while working with cybersecurity partners to secure infrastructure. The trust formally engaged with regulatory and law enforcement authorities including the Information Commissioner's Office and police, maintaining communication channels for updates. No data breach or student information compromise was explicitly confirmed in the initial disclosure. Organizational background notes the trust formed in 2021 through a merger between York-based Hope Learning Trust and Hull-based Sentamu Academy Learning Trust, the latter operating five Hull academies including Archbishop Sentamu CE Academy and Aspire Academy. The trust maintained a public stance against ransom payments on principle, emphasizing infrastructure security prioritization throughout the incident response timeline.