Cyber Incident Victim: Fettes College
Date:
May 2024
Location:
United Kingdom
Summary
A prestigious Scottish boarding school experienced a cyber attack where criminals compromised its IT systems to defraud parents, resulting in substantial financial losses for a small number of families. The institution, attended by notable alumni, immediately engaged external IT experts and law enforcement upon discovery, advising affected individuals to scrutinize communications. Police confirmed an investigation into the incident, which aligns with a pattern of recent ransomware and data theft incidents targeting Scottish organizations including healthcare providers, universities, and local councils. The attack exploited family data to facilitate fraudulent transactions, prompting a full internal review alongside authorities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 29, 2024, Fettes College in Edinburgh—a prestigious £40,000-a-year boarding school attended by notable alumni including former Prime Minister Tony Blair—experienced a cyber attack compromising a limited segment of its IT systems. Criminal actors illegally obtained personal details of current and prospective student families, specifically targeting parents for financial fraud. The attackers executed their scheme by contacting families with deceptive communications disguised as legitimate school correspondence, resulting in a "handful" of prospective parents being defrauded of "large sums" of money. While the exact breach vector and scope of compromised data were not disclosed, the incident directly impacted families in the admissions process. The school detected the breach in May and initiated immediate containment measures, including system remediation and collaboration with external IT forensic experts. Police Scotland confirmed the criminal investigation on the day of the attack, with officers providing direct support to affected families. No operational disruptions to school activities were reported, though the breach exposed financial vulnerabilities among families engaged in enrollment transactions.
Fettes College leadership issued a public statement acknowledging the "cyber-incident" and urging all parents to scrutinize communications purporting to be from the school, advising direct verification of any suspicious requests. The institution launched a full internal investigation supported by third-party cybersecurity specialists and reported the breach to undisclosed "appropriate authorities," likely including the UK Information Commissioner’s Office given the involvement of personal data. Police Scotland’s ongoing inquiry focuses on identifying the perpetrators and tracing financial losses, though no attribution to known threat groups or ransom demands was disclosed. The incident aligns with a broader pattern of cyber attacks targeting Scottish institutions over the preceding 12 months, including ransomware incidents at NHS Dumfries and Galloway, Western Isles Council, and the University of the West of Scotland—though Fettes’ breach appeared financially motivated rather than extortion-based. No evidence suggested student or staff academic records were exfiltrated, with impacts confined to financial fraud against families. The school maintained its operational continuity while facing reputational scrutiny due to its high-profile clientele and status as one of Britain’s most exclusive educational institutions.