Tanbridge House School

Tanbridge House School, also known as THS, is a secondary school located in West Sussex, United Kingdom. Its core function is providing education to students, operating as an institution within the UK's state education sector. The school's operational environment includes reliance on digital systems for administrative and educational purposes, as evidenced by the significant disruption caused when external malicious actors launched a ransomware attack in early March 2023. This incident, attributed to the ransomware group Ransom House, resulted in the locking of staff and students out of critical systems, directly impacting the school's ability to conduct normal operations. The attack specifically targeted the school's data and infrastructure, with the perpetrators subsequently claiming to have stolen personally identifying information and threatening its publication. This event placed the school within a broader pattern of cyber incidents affecting educational establishments in the region during that period, highlighting a sector-wide vulnerability to such threats.

In response to the cyber attack, Tanbridge House School engaged external cybersecurity experts to manage the incident and undertake a comprehensive rebuild and enhancement of its compromised systems. This technical recovery effort involved the substantial task of reconfiguring over 300 computers and planning the issuance of new login credentials across the institution. The school formally reported the incident to the UK's Information Commissioner’s Office (ICO), the national data protection regulator, fulfilling its legal obligations. While the school's own assessment, supported by initial investigations, found no evidence of a sensitive data breach, the attackers provided an "evidence pack" they claimed proved data exfiltration, creating a prolonged state of concern regarding the potential exposure of student and staff personal details. The school's public stance maintained that no compromise of sensitive data was identified, even as the ransomware group's claims escalated the situation. The incident necessitated a focused effort on restoring normal educational services rapidly while navigating the complex technical and regulatory aftermath of a high-profile ransomware event.