Following the recent ransomware attack on Fylde Coast Academy Trust, we have been working with our cyber security response team and the North West Regional Organised Crime Unit to investigate the ransomware attack.  We now understand that the hackers responsible for carrying out the attack have leaked the Trust’s data on the dark web.    

What does this mean?

Our cyber security response team is currently reviewing the Trust data which has been leaked on the dark web.  The investigation indicates that a few of our schools have been affected and some personal information will have been leaked, including from former members of staff and former pupils.  

What staff information has been affected?

Our investigation indicates that a few of our schools have been affected and some staff information will have been leaked.  This information includes names, addresses, email addresses, national insurance numbers, ID documents and bank details.  Some of this information may put individuals at risk of identity fraud, identity theft or other risks associated with a cyber-attack.  

What pupil information has been affected?

Our investigation indicates that a few of our schools have been affected and some pupil information will have been leaked.  This includes names, email addresses, details of pupil premium status, pupil support needs and free school meal status.  On its own, the information that has been accessed from our IT systems is very unlikely to pose any risk of identity fraud, identity theft or other risks associated with a cyber-attack.  However, if this information is combined with other information available online then the risk of identity fraud may increase.

Our investigation currently shows that not all of our schools have been affected, however we are notifying all staff, parents and carers of this update so that we can all take steps to reduce the risk of identity fraud or theft and remain vigilant.

What are we doing?

On discovering our IT systems had been compromised, the trust took immediate action to engage our cyber security response team to stop the attack, carry out an investigation and look at additional measures we can put in place to reduce the risk of any further ransomware attacks.  

The Trust has engaged with the police and the Information Commissioner’s Office (ICO) and we can confirm that the ICO has informed us that it will not be taking any regulatory action against the Trust.

Our investigation has shown no evidence that the affected information is publicly available online through traditional search engines.  Our cyber security response team have assured us that accessing the leaked information on the dark web is highly challenging due to the nature of dark web infrastructure. The affected data is not indexed like it would be on traditional websites and requires specialised tools to navigate hidden services. Additionally, download speeds on the dark web are significantly slower making it time-intensive to retrieve large datasets. This complexity, combined with the technical barriers of accessing and navigating the dark web, means that the affected information is not readily available or accessible to the general public. 

What steps can you take?

There are certain steps you can take to protect yourself from the risk of identity fraud, including:

  • Change your passwords for any accounts where you shared the same password as the one used to access the Trust’s IT system.
  • Ensure that you do not re-use passwords across important accounts in future.
  • Ensure you choose strong, unique passwords which are not easy to guess.  
  • Enable two-factor authentication across all your important accounts where this is available. 
  • Monitor your financial accounts and credit reports for any suspicious activity.  You can check your credit report for free from a number of credit reference agencies.
  • Report any suspicious banking activity to your bank immediately.
  • Be alert for phishing emails and text messages – messages where the sender is prompting you to click links or enter your details.

Further advice on using passwords to protect your data and spotting and reporting suspicious correspondence is available from the National Cyber Security Centre.

What happens next?

As our investigation begins to conclude, our systems have now been fully restored and the ransomware has been completely removed.  If any further steps need to be taken at a later date, we will communicate this to you. 

The Trust has a Data Protection Officer (DPO) to advise us on our obligations under data protection law.  The Trust’s DPO is Peter Montgomery.  If you have any concerns relating to data protection, you can contact our DPO by emailing dpo@fcat.org.uk