A Birmingham college has closed all its campuses to students for a week following a “major” ransomware cyber attack that disabled its core IT systems.
The eight sites of South and City College Birmingham will be shut and revert to online teaching from today while computer forensic specialists work to fix the problem.
The college has said the government and the Information Commissioner’s Office have been informed.
Students only began returning for face-to-face teaching last week following the national lockdown.
A statement posted on the college’s website and its Twitter page on Saturday 13 March calls the incident a “major ransomware attack” – which is where computer systems are encrypted by hackers, who say they will only release them if a ransom is paid.
From today, the college says, “we will revert to online teaching for the rest of the week for all areas.
“We are therefore asking students to access their online lessons from Monday as during the lockdown.
“There may be some disruption during this time and we ask that you bear with us and contact your tutor if there are any problems.”
The college has since confirmed to FE Week the attack on Saturday involved data “on a number of servers and workstations connected to our domain” being encrypted by ransomware, while “a volume of data has been extracted from our servers”.
“We proactively removed a number of systems from our network upon discovering the incident.”
The college is now in the process of investigating the extent of the outbreak and are working to ensure security and restore service “as quickly as possible”.
1/3 TEMPORARY CAMPUS CLOSURES❗️The college has suffered a major ransomware attack on our IT system, which has disabled many of our core systems. Our campus buildings will therefore be CLOSED TO STUDENTS for a week from Monday 15 March to allow our IT specialists to fix the issue.
— @southandcitycol (@southandcitycol) March 13, 2021
The college has around 13,000 students, according to its 2019-20 financial statements. It was formed in 2012 by a merger of South Birmingham College and City College Birmingham, and in 2017 took over Bournville College.
Principal Mike Hopkins tweeted about the attack: “As if COVID wasn’t enough, hackers have finally got through our system and taken down all our IT systems – a few weeks getting it all sorted and back up.
“Unfortunately we’ve had to shut the college for a week and revert to online! Staff can still work from home and emails are OK.”
As if COVID wasn’t enough, hackers have finally got through our system and taken down all our IT systems – a few weeks getting it all sorted and back up. Unfortunately we’ve had to shut the college for a week and revert to online! Staff can still work from home and e mails are OK https://t.co/Bvb2Jh3zWN
— Mike Hopkins (@MikeHopkins13) March 13, 2021
ESFA warned about cyber attack
This is the latest in a number of cyber-attacks on colleges, which in August 2019 prompted the Education and Skills Funding Agency to publish advice on how colleges should protect themselves.
This included backing up data, training staff to verify email senders, firewalls, and a series of questions to evaluate “cyber” risk in their organisation.
Eighty per cent of further/higher education institutions identified a cyber security breach or attack in the 12 months prior to the end of 2019, according to the Department for Digital, Culture, Media and Sport’s Cyber Security Breaches Survey 2020.
Cyber criminals hacked into the personal details of past and present staff and students at Swindon College in September 2019, triggering a police investigation.
Officers were also called in that same month by South Staffordshire College after “ethical” hackers maliciously broke into a senior staff member’s email account and sent doctored emails, purporting to be from the principal and using racist language, to staff, local politicians and FE Week itself.
The email account of a teacher at Loreto College in Manchester was also used by hackers in November 2019 to email students about a hoax terror attack.