Explore what the recent cyberattacks on M&S, Co-op and West Lothian schools have in common and how your organisation can avoid the same mistakes.
Following data breaches at Marks & Spencer and the Co-op, the education sector has become the latest target.
In April, two major UK retailers made headlines for all the wrong reasons.
Marks & Spencer was affected by a data breach when attackers impersonated IT help desk staff and tricked employees into handing over their login credentials and multi-factor authentication (MFA) codes.
This gave the criminals direct access to internal systems and sensitive data.
Meanwhile, the Co-op narrowly avoided a full-scale crisis. Hackers infiltrated its network and attempted to deploy ransomware. But the Co-op's IT team acted quickly, disconnecting internal systems and preventing full encryption. Although this caused a short-term disruption, it ultimately minimised damage and sped up recovery.
Then, in May, the threat came closer to home when it impacted the education sector.
What Was Affected?
The ransomware attack primarily targeted internal school documents, including lesson plans and operational data. However, West Lothian Council has since confirmed that some personal and sensitive data was stolen, too.
While confidential pupil records, financial data and social care systems are stored separately, officials have not ruled out the possibility that medical or social work information may have been compromised.
The council has contacted parents, carers and staff at over 140 sites to inform them of the breach and offer support.
According to BBC reports, a group known as Interlock has claimed responsibility for the attack and is threatening to publish the stolen data unless a ransom is paid.
What Ties These Attacks Together?
Different targets. Different tactics. But they all have the same underlying issues.
- Phishing and social engineering
- Compromised credentials
- Delayed patching
- Weak network segmentation
- Lack of early detection
