Cyber Incident Victim: Fylde Coast Academy Trust
Date:
Sep 2024
Location:
United Kingdom
Summary
The Fylde Coast Academy Trust experienced a ransomware attack disrupting IT systems across all 10 affiliated schools, including Aspire, Montgomery, and Unity academies. The incident caused widespread operational impacts such as disabled computer access, impaired phone lines, and obstruction of administrative tasks, student records, and classroom activities, forcing a shift to manual processes. While no threat actor claimed responsibility or disclosed ransom demands, the organization received immediate support from the Department of Education, cybersecurity teams, and local authorities. Recovery efforts prioritized restoring key services within a week, with full system restoration anticipated over several weeks. Leadership emphasized resilience among staff and students, leveraging pandemic-era adaptability during the disruption.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 16, 2024, the Fylde Coast Academy Trust in Lancashire, England, experienced a ransomware attack targeting its IT infrastructure, disabling system access and disrupting operations across all 10 of its academies. The attack occurred in the morning, compromising administrative tasks, phone lines, student records, and classroom activities. Affected institutions included Aspire, Montgomery, and Unity high schools, along with several primary schools. Trust CEO Dean Logan confirmed the ransomware infection caused limited accessibility to systems, forcing staff to implement non-computer-based processes. The attack’s full impact remained unclear initially, with Logan estimating several days to assess damages and weeks to fully restore normal operations, though "key services" were projected to resume within a week. No threat actor claimed responsibility, and authorities did not disclose whether a ransom was demanded or the attackers’ identity.
The Trust activated response protocols within hours, receiving support from the UK Department of Education, a cybersecurity team, local authorities, and neighboring school trusts. Logan advised parents and carers to limit communication with schools to essential matters, emphasizing staff and pupils’ resilience and the application of crisis-management skills honed during the COVID-19 pandemic. Manual procedures replaced compromised digital systems for administrative and educational functions. Dr. Darren Williams of BlackFog noted the incident reflected broader trends, citing a 12% month-over-month increase in education-sector ransomware attacks in August 2024. Recovery efforts prioritized maintaining educational continuity while ensuring thorough ransomware removal. The Trust acknowledged community and institutional support but did not specify technical containment measures, data compromise details, or whether law enforcement was involved beyond initial cybersecurity collaboration.