British High School Sends Students Home After Cyberattack Forces Campus Closure
Great Marlow School in Buckinghamshire, England, closed its campus for a second day after a cybersecurity incident knocked its ICT systems offline, with only exam-taking students allowed on site.
Great Marlow School, a secondary school in Buckinghamshire, England, sent the majority of its 1,428 students home for the second consecutive day on Thursday after what headteacher Guy Pendlebury described as “a cybersecurity incident affecting our ICT systems.” The school said it would remain closed while working with specialist IT and cybersecurity professionals to restore operations, with only students sitting GCSE and A-Level external examinations permitted to attend.
Pendlebury said in a statement on the school’s website that the school was responding in line with guidance from the Department for Education (DfE) and the National Cyber Security Centre (NCSC). “The safety and well-being of our students, staff, and wider school community remain our highest priority at all times,” he added, pledging to provide a further update by the end of the school day.
The nature of the incident has not been confirmed — no specific attack vector, ransomware family, or threat actor has been disclosed. The school did not say whether data had been stolen or encrypted, and it remains unclear whether the attackers have made any demands.
The attack adds to a troubling pattern of cyber incidents targeting UK schools. Data from the Information Commissioner's Office (ICO) shows 1,959 incidents affecting the education and childcare sector between 2019 and 2025, with 2023 recording the highest single-year figure at 354. In 2025, 259 incidents were reported to the ICO. Ransomware gangs such as Vice Society have previously targeted schools, publishing sensitive files about at-risk children on dark web leak sites.
Both the ICO and the NCSC have expressed concern that ransomware victims are increasingly keeping incidents secret. The British government is currently considering plans that would impose legal obligations on ransomware attack victims to report incidents to appropriate authorities. The ICO warned last year that student hackers motivated by dares are driving an increasing number of cyberattacks and data breaches affecting schools.
Earlier this year, Higham Lane School in Nuneaton was also forced to close due to a cyberattack. In April, a 16-year-old boy was arrested in Northern Ireland after a cyberattack disrupted access to educational systems used by potentially hundreds of thousands of students. The incident at Great Marlow School comes as the University of Nottingham, 100 miles north, separately confirmed a cyber incident claimed by the ShinyHunters cyberextortion gang that impacted a “significant amount” of data affecting current and former students.
In the United States, the FCC has stated that disclosed cyber incidents at schools now number around 400 a year, with recovery times ranging from two to nine months. Research has linked at least 75% of data breach incidents affecting U.S. public school districts to security incidents involving vendors. A recent attack on the popular learning tool Canvas was claimed to have affected more than 9,000 schools.
The closure of Great Marlow School underscores the persistent vulnerability of educational institutions to cyberattacks, which can disrupt learning, expose sensitive student data, and force prolonged campus shutdowns. With the UK government weighing mandatory ransomware reporting, incidents like this may soon carry legal as well as operational consequences.