British High School Sends Students Home After Cyberattack Disrupts Operations

Key Points

• Great Marlow School in Buckinghamshire, England, sent the majority of its 1,428 pupils home for the second day on Thursday, June 11, 2026, following a cybersecurity incident affecting ICT systems
• Headteacher Guy Pendlebury confirmed the school remains closed while working with specialist IT and cybersecurity professionals to resolve the malware incident
• Only Year 11 and Year 13 students sitting GCSE and A-Level external examinations were permitted to attend school as scheduled
• The school is responding in line with guidance from the Department for Education (DfE) and the National Cyber Security Centre (NCSC)
• Internal mock examinations for Years 10 and 12 have been postponed and will be rescheduled where possible
• The Year 7 and 8 athletics event proceeded as planned on Thursday, but the Year 7 Learn to Row session was rearranged
• Teachers cannot set specific work, though students may access revision materials via Microsoft Teams and the Student Zone on the GMS Hub
• UK’s Information Commissioner’s Office recorded 1,959 cyber incidents affecting the education and childcare sector between 2019 and 2025
• 2023 saw the highest single-year figure with 354 incidents, when Vice Society ransomware gangs attempted to extort schools by publishing sensitive files about at-risk children
• 259 cyber incidents were reported to the ICO in 2025, with both the data protection regulator and NCSC expressing concern that ransomware victims increasingly keep incidents secret
• The British government is considering plans to put legal obligations on ransomware attack victims to report incidents to appropriate authorities
• In April 2026, a 16-year-old boy was arrested in Northern Ireland after a cyberattack disrupted educational systems used by potentially hundreds of thousands of students
• Earlier in 2026, Higham Lane School in Nuneaton, central England, was forced to close due to a cyberattack
• The University of Nottingham separately confirmed a cyber incident claimed by the Shiny Hunters cyberextortion gang impacting a “significant amount” of data affecting current and former students
• In the United States, the FCC states disclosed cyber incidents at schools now number around 400 annually, with recovery times ranging from two to nine months
• Research links at least 75% of data breach incidents affecting U.S. public school districts to security incidents involving vendors
• A recent attack on the learning tool Canvas, claimed by ShinyHunters, was reported to affect more than 9,000 schools worldwide
• In November 2023, several U.S. schools and universities reported simultaneous outages amid a spate of ransomware attacks targeting educational institutions

Buckinghamshire (Britain Today News) June 11, 2026 – Great Marlow School in Buckinghamshire, England, kept the majority of its 1,428 pupils at home for the second consecutive day on Thursday after headteacher Guy Pendlebury told parents the school was dealing with “a cybersecurity incident affecting our ICT systems”. The secondary school confirmed it will remain closed while working with specialist IT and cybersecurity professionals to resolve what has been identified as a malware incident compromising parts of its ICT network.

What Caused Great Marlow School to Close for Second Day?

As reported by Richard Murie of Hellorayo, headteacher Guy Pendlebury stated in a message on the school’s website:

“We understand that this situation may cause inconvenience and concern, and we sincerely appreciate your patience, understanding, and support as we take these necessary precautionary steps. The safety and wellbeing of our students, staff, and wider school community remain our highest priority at all times”.

The school confirmed it was following guidance from the Department for Education and the National Cyber Security Centre, with specialist IT and cybersecurity professionals assessing the situation. According to Computing UK, the disruption prevented staff from using the school’s usual email system to communicate with parents and carers, while teachers have also been unable to set work remotely.

Which Students Were Allowed to Attend School During Closure?

Pendlebury announced that only students sitting GCSE and A-Level external examinations were permitted to attend, with all other year groups advised to stay at home. Year 11 and Year 13 students must attend school for their external examinations as scheduled on their examination timetables, with all necessary arrangements in place to ensure examinations proceed as planned.

Students who have more than one examination or who are unable to leave the site between examinations due to transport arrangements will be able to remain on site to revise. BBC News reported that pupils in Years 11 and 13 have been instructed to attend school as scheduled for their external examinations, however, the school will remain closed to the majority of students on Wednesday, and internal assessments for Years 10 and 12 have been delayed.

What Examinations and Events Were Affected by the Cyberattack?

Internal examinations for Years 10 and 12 due to take place this week have been postponed, and a Year 7 rowing lesson was cancelled according to Computing UK. The school said mock examinations for Years 10 and 12 would be rescheduled where possible.

“Pendlebury confirmed via a public statement that the institution has heavily restricted network access as a precautionary measure,”

as reported by StreamlineFeed. Unfortunately, the Year 10 and Year 12 mock examinations that are due to take place will have to be rescheduled, where possible, with further details about the rescheduled dates to be shared with students and parents/carers in due course.

The Year 7 and 8 athletics event went ahead as planned on Thursday 11th June, with students participating in this event registering at the Redgrave Sports Centre in time for an 8:30 am departure and returning to school between 3:00 pm and 3:30 pm. Unfortunately, the Year 7 Learn to Row session scheduled for Thursday afternoon will be rearranged and more details will follow.

How Is the School Responding to the Cybersecurity Incident?

Pendlebury said the school was responding to the incident in line with guidance from the DfE and the National Cyber Security Centre (NCSC).

“The safety and well-being of our students, staff, and wider school community remain our highest priority at all times,”

he added.

The school confirmed it would remain closed to most students on Thursday as efforts continued to restore systems.

“We understand the disruption this causes and sincerely appreciate your continued patience, understanding and support,”

Pendlebury said.

“The safety and wellbeing of our students, staff and wider school community remain our highest priority”.

Great Marlow School has not disclosed the source of the attack or whether any personal data may have been compromised, as reported by Computing UK. The school said it remains the case that, at this time, teachers are not able to set specific work, however, students may continue to access revision materials via Microsoft Teams and the Student Zone on the GMS Hub where possible.

What Is the Timeline for School Closure and Updates?

The school will, unfortunately, remain closed to most students on Thursday 11th June, while continuing to work with specialist IT and cybersecurity professionals to resolve the issue and ensure all systems are fully secure, according to the official school update. A further update will be provided by the end of the school day on Thursday 11th June.

The headteacher has blamed a malware incident for the disruption to IT systems and communications. Great Marlow School, located in Buckinghamshire, reported that a malware incident impacted its ICT network, leading staff to deactivate certain sections of the system as a safety measure while an inquiry is conducted.

How Common Are Cyberattacks on UK Schools?

Data from the UK’s Information Commissioner’s Office (ICO), tracking cyber incidents in the education and childcare sector, records 1,959 incidents affecting the education and childcare sector between 2019 and 2025. The figure for 2023 was 354 — the highest single year in the dataset — when ransomware gangs such as Vice Society attempted to extort schools by publishing sensitive files about at-risk children on their dark net websites.

The latest figures for attacks on schools cover 2025, when 259 incidents were reported to the ICO. Both the data protection regulator and the NCSC have expressed concern that ransomware victims are increasingly keeping incidents secret.

A government survey in the UK indicates that educational institutions are at a higher risk of experiencing cyber-attacks or security breaches compared to private enterprises. Over the past year, 60% of secondary schools have encountered an attack or breach, while the numbers rise to 80% for further education colleges and 90% for higher education establishments.

The government’s Cyber Security Breaches Survey 2025 found that 44 per cent of primary schools and 60 per cent of secondary schools identified at least one cyber breach or attack in the previous 12 months. That’s actually higher than the 43 per cent figure for UK businesses overall.

What Government Plans Exist for Ransomware Reporting?

The British government is currently considering plans that would put legal obligations on ransomware attack victims to report the incidents to appropriate authorities. Both the data protection regulator and the NCSC have expressed concern that ransomware victims are increasingly keeping incidents secret.

What Is the Nature of the Incident at Great Marlow School?

The nature of the incident affecting Great Marlow School has not been confirmed. Great Marlow School said a malware incident had compromised parts of its ICT network, prompting staff to take sections of the system offline as a precaution while cybersecurity specialists investigate.

The ICO warned last year that student hackers motivated by dares are driving an increasing number of cyberattacks and data breaches affecting schools. In April, a 16-year-old boy was arrested in Northern Ireland after a cyberattack disrupted access to educational systems used by potentially hundreds of thousands of students.

What Other UK Schools Have Recently Experienced Cyberattacks?

Earlier this year, Higham Lane School in Nuneaton, a town in central England, was also forced to close due to a cyberattack. Higham Lane School in Nuneaton, Warwickshire, has reopened two weeks after a cyberattack forced it to shut its doors, with the attack occurring on 3rd January, taking out all digital services including telephones, email servers and the school’s management system.

In April 2026, a cyberattack on a shared school IT system in Northern Ireland caused widespread disruption, leaving hundreds of thousands of pupils and teachers temporarily unable to access essential services. On Thursday, schools received a message that as part of “work to manage an IT security issue” the EA would be carrying out a password reset for all users.

It has resulted in all schools and pupils being logged out of their accounts, meaning pupils cannot log in to get work or resources provided by their teachers in the run up to exam season.

What Cyber Incident Did University of Nottingham Confirm?

It comes as the University of Nottingham, 100 miles north of Great Marlow School, separately confirmed a cyber incident — claimed by the Shiny Hunters cyberextortion gang — impacting a “significant amount” of data affecting both current and former students.

On its leak site, ShinyHunters claims to have gained access to a sizable amount of company data – spanning 275 million records from 8,809 institutions, amounting to 3.65TB. According to a spokesperson for the group, the hackers intend to leak the full contents of the data by May 8 unless contacted by either Instructure or the affected schools.

Included in the information obtained by ShinyHunters — notorious in the hacking community for large-scale data breaches targeting major corporations — are emails, names, Penn ID numbers, and course enrollments. A message accompanying the cache stated that the group had user data from 275 million individuals along with “several billions of private messages”.
Explore More about Technology:
Protecting UK Airports from Dangerous Drones
Google Confirms Digital IDs Are Coming Soon to UK

How Do US School Cyberattacks Compare to UK Incidents?

In the United States, the FCC has stated that disclosed cyber incidents at schools now number around 400 a year, with recovery times ranging from two to nine months. Research has linked at least 75% of data breach incidents affecting U.S. public school districts to security incidents involving vendors.

A recent attack on the popular learning tool Canvas was claimed to have affected more than 9,000 schools. On May 3, cybercrime group ShinyHunters claimed responsibility for breaching Instructure — the parent company of Canvas — reportedly compromising the data of hundreds of millions of users, including 306,000 at Penn.

The group claimed the attack had affected nearly 9,000 educational institutions worldwide, although the extent of the disruption has not been independently verified. As early as May 1, 2026, ShinyHunters claimed responsibility for the Instructure/Canvas attack that reportedly affected nearly 9,000 educational institutions globally and exposed sensitive information tied to 275 million students, faculty members and staff.

Names, email addresses, student identifiers and private communications comprising a staggering 3.65 terabytes were stolen. The timing of the attack was especially damaging since it caused widespread operational disruption during final examinations and temporarily blocked access to coursework, assignments and collaboration systems at colleges and universities worldwide.

In November 2023, several U.S. schools and universities reported simultaneous outages amid a spate of ransomware attacks targeting educational institutions, with multiple districts coordinating with the FBI in a bid to address the threat.

Why Are Schools Increasingly Becoming Cyberattack Targets?

Schools are increasingly becoming targets for cybercriminals because of their reliance on digital systems and the sensitive information they hold, as reported by Computing UK. Educational institutions often manage large volumes of pupil and staff data, while many operate with limited IT resources, making them attractive targets for attackers seeking to cause disruption or demand ransom payments.

Adam Boynton, senior enterprise strategy manager at Jamf, commented on the latest attack, saying such incidents are likely to increase anxiety for students and families during an already demanding exam period.

“Beyond the immediate disruption, data breaches can cause lasting reputational damage, eroding trust among students, parents, and staff and potentially affecting enrolment,”

he said.

“In Great Marlow’s case, school closures can also disrupt businesses as parents are forced to stay home to care for their children. Schools are particularly vulnerable due to limited IT resources and budgets, which can restrict security investments,”

Boynton added.

“To reduce risk, schools and universities must maintain strong cyber hygiene through regular software updates, organisation-wide multi-factor authentication, and robust threat prevention tools that can quickly detect and remove unauthorised access,”

he recommended.

What Role Do Students Play in School Data Breaches?

The ICO analysed 215 personal data breach reports caused by insider attacks in the education sector between January 2022 and August 2024, as reported by ITPro. It found that 57 per cent of these incidents were caused by students.

In cases involving stolen login details, students were responsible in 97 per cent of incidents. Around a third (30%) of these incidents were caused by stolen login details, with students responsible for 97% of such attacks, using tactics such as guessing weak passwords or finding them jotted down on bits of paper.

The ICO report found that 23% of insider breaches in schools were caused by poor data protection practices. These include staff accessing or using data without a legitimate need, devices being left unattended and students being allowed to use staff devices.

A fifth (20%) of incidents were caused by staff sending data to personal devices, while 17% were attributed to incorrect set up or access rights to systems such as SharePoint. Over half (57%) of insider data breaches in UK schools are caused by students, with many children being set up for “a life of cybercrime,” a new report from the Information Commissioner’s Office (ICO) has found.

Hackers, like the VICE SOCIETY, will attack schools for their data, targeting pupil MIS systems, financial information, parent and investor details in order to obtain information to sell on the dark web, according to DataProtection.education. It encrypts data (renders files inaccessible) and demands ransoms for the decryption (access recovery).

The Vice Society ransomware crew has leaked a large volume of personally identifiable information (PII) on pupils and staff at 14 UK schools and universities, including children’s special educational needs (SEN) information, scanned passport data for school trips, and details of staff payroll and contracts.

Great Marlow School, which counts Olympic rowing champion Steve Redgrave among its former pupils, has not disclosed the source of the attack or whether any personal data may have been compromised. A further update will be provided by the end of the school day on Thursday 11th June, with the school emphasizing that the safety and wellbeing of our students, staff and wider school community remain our highest priority.