College confirms cyber attack brought down IT systems

England’s largest adult education college City Lit had cancelled online lessons before Christmas due to serious 'IT disruption'

England’s largest adult education college City Lit had cancelled online lessons before Christmas due to serious 'IT disruption'

13 Jan 2023, 10:00

More from this author

CityLit has confirmed that a ransomware attack was responsible for a month-long IT outage, causing major disruption to online classes and enrolment.  

In a message sent to students on Wednesday, seen by FE Week, the college apologised for ongoing disruption but it couldn’t yet confirm whether any student data has been compromised.  

Regulators, including the Information Commissioner’s Office, have been informed.  

FE Week reported in early December that online lessons had been cancelled for the rest of the year and enrolment had to be paused due to “IT disruption”. The college couldn’t confirm the cause of the disruption with FE Week at the time as investigations were still ongoing. 

However the 800 word explanation sent to students this week doesn’t offer answers for students concerned about their data, as this is still being investigated.  

“Last year we became aware of some suspicious activity on part of our network which impacted a range of our IT systems. As soon as this was identified, we started to investigate alongside external specialists. 

“We have since confirmed this was a ransomware incident where an unauthorised third-party gained access to our systems and copied some information from our network. We successfully contained the incident by shutting down the network and began the process of getting our system back up and running.” 

Ransomware attacks have been a common tactic by cyber criminals targeting colleges and other institutions. Typically, attackers gain access to an institution’s systems and delete or encrypt files and data. A ransom note is then issued demanding payment in return for release of the stolen data.  

Further education colleges are particularly vulnerable to cyber-attacks.  

Survey evidence from the National Cyber Security Centre, an arm of GCHQ, last year showed that 88 per cent of further education colleges had identified a breach or attack in the preceeding 12 months.  

This compares to 92 per cent of higher education institutions, but 70 per cent of secondary schools, 41 per cent of primary schools and 39 per cent of all UK businesses. 

It is believed that weak defences and the quantity of data stored makes colleges attractive to cyber-criminals. 

The attack on CityLit brought online classes and enrolment to halt, as well as bringing down the college’s website and phone systems. In-person classes however were able to continue.  

Students affected by class cancellations have been contacted about claiming refunds.  

CityLit believes they have identified the group responsible for the attack through a post online which “names us [the college] and purports to contain files copied from our system.” 

The college confirmed to students that “paying a ransom to these criminals would not align with our values as an ethical organisation and would simply further fund criminal activity.” 

“There is no reason to believe anyone’s information was specifically targeted by this incident” the statement adds.  

However the college cannot yet say whether any students’ data was compromised in the attack.  

“These investigations are time-consuming, and it is important that we do them properly so that we can accurately inform you if there is any impact on your data. 

“Once our investigation is complete, we will be in touch directly with anyone who needs to take any particular action with more details and some guidance about the steps they should take.” 

A City Lit spokesperson said: “Last year we identified some suspicious activity on part of our network which we have since confirmed was a ransomware incident. Our team are working hard to resolve any disruption while in parallel our investigation is ongoing into the affected information.  

“We have updated our staff and students as well as reporting the incident to the Information Commissioner’s Office, law enforcement and other relevant regulators.” 

Latest education roles from

Director of School improvement (Primary) Nova Education Trust

Director of School improvement (Primary) Nova Education Trust

Satis Education

Learning Coach – Maths

Learning Coach – Maths

Barnet and Southgate College

Learning Coach – English

Learning Coach – English

Barnet and Southgate College

Lecturer in Agriculture

Lecturer in Agriculture

Capel Manor College

Lecturer in Environmental Conservation

Lecturer in Environmental Conservation

Capel Manor College

Chief Executive

Chief Executive

Scottish Funding Council

Sponsored posts

Sponsored post

#GE2024: Listen now as Let’s Go Further outlines the FE and skills priorities facing our new government

The Skills and Education Group podcast, Let’s Go Further, aims to challenge the way we all think about skills...

Advertorial
Sponsored post

How can we prepare learners for their future in an ever-changing world?

By focusing their curriculums on transferable skills, digital skills, and sustainability, colleges and schools can be confident that learners...

Advertorial
Sponsored post

Why we’re backing our UK skills champions (and why you should too)

This August, teams from over 200 nations will gather to compete in the sticky heat of the Paris summer...

Advertorial
Sponsored post

Is your organisation prepared for a major incident?

We live in an unpredictable world where an unforeseen incident or environmental event could disrupt a Further Education (FE)...

Advertorial

More from this theme

Colleges

Cumbrian college gets £1.5m emergency ESFA loan

Low T Level and adult enrolments cause financial hit - but principal says underlying position is 'solid and sustainable'

Billy Camden
Colleges, Skills reform

Hundreds of leaders make last-ditch plea for BTECs bonfire pause

455 school and college heads sign letter calling for minimum 1 year delay to defunding plans

Billy Camden
Colleges, General election

College ‘auto-enrols’ students on voting register

The scheme hopes to improve low turnouts of young voters

Josh Mellor
Colleges, Results 2024

GCSE resits 2024: Maths pass rate up but English falls again

Resit cohorts rose substantially this year

Billy Camden

Your thoughts

Leave a Reply

Your email address will not be published. Required fields are marked *

One comment

  1. The entire episode is quite unsettling – as a student there it’s been five months since the attach happened, but we haven’t had any word if our personal data have been compromised. I’m guessing no news is good news?