A “cyber security incident” has forced a major national awarding organisation to shut down its IT systems, triggering widespread cancellations to assessments and a halt to new learner registrations.
NCFE has locked down all of its online systems, including staff emails and its learner registration portal, while investigators determine the extent of the incident, which occurred late last week.
NCFE could not confirm at this stage whether any sensitive data was compromised
In a message to customers yesterday afternoon, seen by FE Week, NCFE said it had detected “suspicious activity” on its network late last week. It immediately shut down its systems “as a precautionary measure” but acknowledged that would create “significant disruption” across its services.
Phone lines, live web chat and NCFE staff email accounts have all been temporarily shut down. The awarding body’s ‘Portal’ is also offline, meaning providers cannot currently register learners, upload evidence or claim certificates. NCFE has promised to let customers know when services will resume as soon as it is able to.
Any late registration or late booking fees incurred by centres as a result of systems going offline will be waived.
The shutdown also means most planned assessments have been cancelled. NCFE has told centres that T Level assessments scheduled for this week will continue as planned, and on-demand functional skills assessments can still be booked.
But paper-based assessments and all face-to-face and remote apprenticeship end point assessments planned from yesterday, December 1, have been cancelled and will be rearranged.
Students’ T Level employer-set project evidence can also not be uploaded until systems are back online.
External cyber security specialists are in the early stages of a forensic investigation to understand the cause and scope of the incident. NCFE was unable to confirm whether any sensitive data was accessed or compromised.
NCFE said: “As our investigation is in its early stages, we are currently not in a position to confirm details or draw any conclusions on any specific data involved. These investigations take time, but please be assured that understanding this is a key focus of our investigation.”
David Gallagher, chief executive of NCFE, apologised for “any inconvenience or concern” and said staff were working “around the clock” the bring systems safely back online.
Cyber attacks against awarding organisations are rare.
An Ofqual report last year said there was one attack on an organisation “affiliated to three awarding organisations” and one attack on an awarding organisation that delivers general qualifications in 2024.
An Ofqual spokesperson said: “Ofqual is aware of a cyber incident affecting NCFE. We are in discussions with NCFE, who have engaged fully and appropriate steps are being taken to protect students’ interests. NCFE has confirmed that T Level assessments will continue as planned for the next two weeks.
“Ofqual will continue to assess closely NCFE’s actions.”
NCFE was approached for further comment.
More information and FAQs for students and centres are now available on NCFE’s website.
Your thoughts