Cyber Incident Victim: Tanbridge House School
Date:
Mar 2023
Location:
United Kingdom
Summary
Tanbridge House School experienced a malicious cyber attack by external hackers who locked the institution out of its systems, causing significant operational disruption. While no compromise of sensitive data was identified, the attack required an external IT security team to rebuild and enhance the school's systems, including reconfiguring over 300 computers and planning the issuance of new login credentials. The incident was reported to the Information Commissioner’s Office, and mitigation efforts aimed to restore normal operations rapidly. The attack aligned with a broader pattern of recent cyber incidents affecting multiple schools in the region, including two ransomware attacks elsewhere in West Sussex involving demands for sensitive data.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In early March 2023, Tanbridge House School in Horsham experienced a malicious cyber attack that severely disrupted normal school operations. External actors gained unauthorized access to the school's computer systems, locking administrators out of all networked resources. The incident was promptly detected, leading to the immediate shutdown of systems by on-site IT security personnel to contain the breach. Headteacher Mark Sheridan confirmed in a parental letter that the attack had caused significant operational impacts throughout the week of its discovery, though forensic investigators found no evidence of data exfiltration or compromise of sensitive information. The school reported the incident to the UK Information Commissioner's Office (ICO) and adhered to its prescribed protocol. This attack occurred amid a regional surge targeting educational institutions, with two Chichester schools suffering separate ransomware incidents during the same period—one of which (Bishop Luffa School) publicly acknowledged hackers were ransom-holding sensitive data without school payment.
Tanbridge House initiated comprehensive recovery efforts involving external cybersecurity specialists who rebuilt and fortified the school's digital infrastructure. Technicians reconfigured over 300 workstations to establish an enhanced security architecture, with reconfiguration work continuing through the weekend following initial containment. The school planned to issue new login credentials to all students and staff by March 20, anticipating full system restoration shortly thereafter. Sheridan emphasized implementing heightened protective measures to deter future incidents while acknowledging the school community's collaborative response, including parental support offers. Operational continuity challenges persisted during the recovery phase, though no legal or regulatory penalties were disclosed at the time of reporting. Sussex Police and West Sussex County Council were notified of the incident, though their investigative roles or findings remained unspecified in initial disclosures.