Schools and Universities Hit by Coordinated Cyberattack. The Price of Putting Everything Online, Presented Annually.

What Happened

A coordinated international cyberattack has disrupted operations across a significant number of universities and schools. Systems have been knocked offline or compromised, affecting students, staff, and administrators. The BBC reports the attack spans multiple institutions, though the exact number, responsible party, and full scope of damage are not yet confirmed.

Historical Context

Large-scale cyberattacks on education have become a reliable annual event. In 2023, the MOVEit vulnerability compromised dozens of universities globally. In 2022, the Los Angeles Unified School District — the second-largest in the US — was hit by ransomware. In 2021, the UK's JISC (the national body for education IT) reported that over 60% of UK universities had experienced a significant attack. Education is the most targeted sector for ransomware, largely because institutions run legacy systems, have vast databases of personal data, and have limited IT security budgets. These attacks are disruptive and genuinely harmful, but institutions have consistently recovered. No cyberattack on a school or university has ever permanently closed one.

What's In Your Control

If you work or study at an affected institution: follow IT department guidance, change passwords if prompted, and be skeptical of any unusual emails requesting credentials. If you're not affiliated with an affected institution: review whether your own organisation backs up data offline and has basic phishing training — this is the single most effective defence.

Does This Require Action?

If you or your children attend a university or school currently affected: check official communications and follow IT guidance. If not directly affected, this warrants awareness rather than alarm. Permission granted to decline outrage until a responsible party is identified.