Cyber Incident Victim: City Lit
Date:
Dec 2021
Location:
United Kingdom
Summary
City Lit experienced a ransomware attack where unauthorized actors infiltrated systems, copied data, and caused a prolonged IT outage disrupting online classes, enrollment, website, and phone services while in-person classes continued. The college contained the incident by shutting down its network, refused ransom payments on ethical grounds, and notified regulators including the Information Commissioner’s Office. Investigations to determine potential data compromise are ongoing, with affected individuals to be contacted if specific actions are required; the attackers were identified via an online post claiming possession of stolen files.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In late 2021, CityLit detected suspicious activity on its network, prompting an internal investigation supported by external cybersecurity specialists. The college subsequently confirmed the incident as a ransomware attack in which unauthorized actors infiltrated systems and exfiltrated data. Immediate containment measures involved shutting down the entire network infrastructure, resulting in a month-long IT outage that disabled online classes, enrollment systems, website functionality, and telephone services. While in-person instruction continued unaffected, the cyberattack forced cancellation of all virtual classes through year-end 2022 and necessitated pausing student enrollment processes. The disruption persisted into December 2022 when CityLit formally notified students about the incident's nature but could not yet confirm whether personal data had been compromised.
The college reported the breach to multiple regulatory bodies including the Information Commissioner's Office and law enforcement agencies. Forensic investigations revealed that attackers publicly named CityLit in online posts claiming possession of stolen institutional files, though the college declined ransom demands on ethical grounds. Impacted students received communications regarding class cancellations and refund procedures while restoration efforts prioritized reactivating critical systems. CityLit's public statements emphasized the complexity of determining data compromise, noting investigations remained ongoing with commitments to notify affected individuals should evidence emerge requiring specific protective actions. Contextual industry data cited in communications highlighted the disproportionate targeting of further education institutions, with 88% of UK colleges reporting cyber incidents in the preceding year according to National Cyber Security Centre statistics.