Cyber Incident Victim: Christ The King Academy Primary School

In February 2018, a cybersecurity breach exposed live CCTV feeds from multiple UK schools, including St Mary’s Catholic Academy in Blackpool and its neighboring Christ The King Academy Primary School. Hackers accessed unsecured camera systems and streamed real-time footage on a US-registered website advertising live surveillance feeds from unprotected devices globally. The compromised cameras at St Mary’s included eight feeds covering playgrounds, entrances, corridors, and areas capturing activity at Christ The King Academy. Footage from February 21, 2018, showed infants leaving classrooms and being collected by parents, while older students, teachers, and sixth-formers were also observable. A fourth unnamed school in the South-East had internal cameras breached, revealing students, staff, and distinctive purple, white, and gray lockers. The streaming site claimed no active hacking occurred, attributing access to cameras lacking password protection.

Upon discovery, St Mary’s and Highfield (another affected school) immediately reset passwords, disabling external access to their feeds. Jeremy Hartley of the Eric Wright Group, managing CCTV systems for two schools, confirmed feeds were taken offline promptly after alerts, with experts deployed to investigate the breach. The incident highlighted systemic vulnerabilities, as Big Brother Watch reported over 200 UK schools used cameras in toilets, amplifying privacy concerns. The Information Commissioner’s Office initiated an inquiry into the breaches but did not disclose findings publicly. No evidence suggested malicious manipulation of footage beyond unauthorized streaming. The exposure lasted until credential updates severed the illicit access, though the duration of prior visibility remained unspecified. Impacts included potential privacy violations for students, staff, and families across multiple institutions, underscoring risks of inadequate security for internet-connected surveillance systems.