College confirms cyber attack brought down IT systems

England’s largest adult education college City Lit had cancelled online lessons before Christmas due to serious 'IT disruption'

England’s largest adult education college City Lit had cancelled online lessons before Christmas due to serious 'IT disruption'

13 Jan 2023, 10:00

More from this author

CityLit has confirmed that a ransomware attack was responsible for a month-long IT outage, causing major disruption to online classes and enrolment.  

In a message sent to students on Wednesday, seen by FE Week, the college apologised for ongoing disruption but it couldn’t yet confirm whether any student data has been compromised.  

Regulators, including the Information Commissioner’s Office, have been informed.  

FE Week reported in early December that online lessons had been cancelled for the rest of the year and enrolment had to be paused due to “IT disruption”. The college couldn’t confirm the cause of the disruption with FE Week at the time as investigations were still ongoing. 

However the 800 word explanation sent to students this week doesn’t offer answers for students concerned about their data, as this is still being investigated.  

“Last year we became aware of some suspicious activity on part of our network which impacted a range of our IT systems. As soon as this was identified, we started to investigate alongside external specialists. 

“We have since confirmed this was a ransomware incident where an unauthorised third-party gained access to our systems and copied some information from our network. We successfully contained the incident by shutting down the network and began the process of getting our system back up and running.” 

Ransomware attacks have been a common tactic by cyber criminals targeting colleges and other institutions. Typically, attackers gain access to an institution’s systems and delete or encrypt files and data. A ransom note is then issued demanding payment in return for release of the stolen data.  

Further education colleges are particularly vulnerable to cyber-attacks.  

Survey evidence from the National Cyber Security Centre, an arm of GCHQ, last year showed that 88 per cent of further education colleges had identified a breach or attack in the preceeding 12 months.  

This compares to 92 per cent of higher education institutions, but 70 per cent of secondary schools, 41 per cent of primary schools and 39 per cent of all UK businesses. 

It is believed that weak defences and the quantity of data stored makes colleges attractive to cyber-criminals. 

The attack on CityLit brought online classes and enrolment to halt, as well as bringing down the college’s website and phone systems. In-person classes however were able to continue.  

Students affected by class cancellations have been contacted about claiming refunds.  

CityLit believes they have identified the group responsible for the attack through a post online which “names us [the college] and purports to contain files copied from our system.” 

The college confirmed to students that “paying a ransom to these criminals would not align with our values as an ethical organisation and would simply further fund criminal activity.” 

“There is no reason to believe anyone’s information was specifically targeted by this incident” the statement adds.  

However the college cannot yet say whether any students’ data was compromised in the attack.  

“These investigations are time-consuming, and it is important that we do them properly so that we can accurately inform you if there is any impact on your data. 

“Once our investigation is complete, we will be in touch directly with anyone who needs to take any particular action with more details and some guidance about the steps they should take.” 

A City Lit spokesperson said: “Last year we identified some suspicious activity on part of our network which we have since confirmed was a ransomware incident. Our team are working hard to resolve any disruption while in parallel our investigation is ongoing into the affected information.  

“We have updated our staff and students as well as reporting the incident to the Information Commissioner’s Office, law enforcement and other relevant regulators.” 

More from this theme


Annual accounts blackout remains at five colleges

Deadline for publication was January 31. Here's why a handful are still yet to surface

Billy Camden

Probe finds ‘funding irregularities’ in huge salary of Weston’s ex-principal

The college's longstanding chair has now stepped aside amid ESFA intervention into retired boss Sir Paul Phillips' pay

Anviksha Patel
AI, Colleges

Ministers plan to appoint edtech evidence checkers

Experts to scrutinise classroom impact of technology tools as part of new AI training package for teachers worth up...

Lucas Cumiskey
Colleges, Skills reform

MPs: DfE should include FE in teacher recruitment forecasts

FE is the 'worst impacted' sector yet often ignored by DfE plans

Josh Mellor

Large south west college group announces new principal

Rob Bosworth will leave Exeter College after 24 years to lead Cornwall College Group

Billy Camden
Colleges, Employment

Lecturer wins over £50k from large college group for unfair dismissal

New City College bosses would not have fired lecturer if ‘fair procedure’ was followed, judge rules

Anviksha Patel

Your thoughts

Leave a Reply

Your email address will not be published. Required fields are marked *

One comment

  1. The entire episode is quite unsettling – as a student there it’s been five months since the attach happened, but we haven’t had any word if our personal data have been compromised. I’m guessing no news is good news?