College confirms cyber attack brought down IT systems

CityLit has confirmed that a ransomware attack was responsible for a month-long IT outage, causing major disruption to online classes and enrolment.  

In a message sent to students on Wednesday, seen by FE Week, the college apologised for ongoing disruption but it couldn’t yet confirm whether any student data has been compromised.  

Regulators, including the Information Commissioner’s Office, have been informed.  

FE Week reported in early December that online lessons had been cancelled for the rest of the year and enrolment had to be paused due to “IT disruption”. The college couldn’t confirm the cause of the disruption with FE Week at the time as investigations were still ongoing. 

However the 800 word explanation sent to students this week doesn’t offer answers for students concerned about their data, as this is still being investigated.  

“Last year we became aware of some suspicious activity on part of our network which impacted a range of our IT systems. As soon as this was identified, we started to investigate alongside external specialists. 

“We have since confirmed this was a ransomware incident where an unauthorised third-party gained access to our systems and copied some information from our network. We successfully contained the incident by shutting down the network and began the process of getting our system back up and running.” 

Ransomware attacks have been a common tactic by cyber criminals targeting colleges and other institutions. Typically, attackers gain access to an institution’s systems and delete or encrypt files and data. A ransom note is then issued demanding payment in return for release of the stolen data.  

Further education colleges are particularly vulnerable to cyber-attacks.  

Survey evidence from the National Cyber Security Centre, an arm of GCHQ, last year showed that 88 per cent of further education colleges had identified a breach or attack in the preceeding 12 months.  

This compares to 92 per cent of higher education institutions, but 70 per cent of secondary schools, 41 per cent of primary schools and 39 per cent of all UK businesses. 

It is believed that weak defences and the quantity of data stored makes colleges attractive to cyber-criminals. 

The attack on CityLit brought online classes and enrolment to halt, as well as bringing down the college’s website and phone systems. In-person classes however were able to continue.  

Students affected by class cancellations have been contacted about claiming refunds.  

CityLit believes they have identified the group responsible for the attack through a post online which “names us [the college] and purports to contain files copied from our system.” 

The college confirmed to students that “paying a ransom to these criminals would not align with our values as an ethical organisation and would simply further fund criminal activity.” 

“There is no reason to believe anyone’s information was specifically targeted by this incident” the statement adds.  

However the college cannot yet say whether any students’ data was compromised in the attack.  

“These investigations are time-consuming, and it is important that we do them properly so that we can accurately inform you if there is any impact on your data. 

“Once our investigation is complete, we will be in touch directly with anyone who needs to take any particular action with more details and some guidance about the steps they should take.” 

A City Lit spokesperson said: “Last year we identified some suspicious activity on part of our network which we have since confirmed was a ransomware incident. Our team are working hard to resolve any disruption while in parallel our investigation is ongoing into the affected information.  

“We have updated our staff and students as well as reporting the incident to the Information Commissioner’s Office, law enforcement and other relevant regulators.”