Pupil hacked into computer and changed grades as GCHQ begins cyber security training for teachers

Pupil hacked into computer and changed their grades after teacher left their password on a note stuck to a laptop – as GCHQ begins cyber security training for school staff

  • The student had access to 20,000 records after obtaining teacher’s IT password
  • One of four real-life case studies revealed by the National Cyber Security Centre
  • The NCSC is offering teachers free training after an increase in school incidents
  • Data shows 83 per cent of schools experienced a cyber security incident in 2019 

A pupil hacked into their teacher’s computer to change grades after finding the password on a note stuck to a laptop. 

The same password was used for access to multiple accounts and the pupil’s hack is among the incidents which prompted GCHQ to offer cyber security training to school staff.

After obtaining the password, the pupil was able to access more than 20,000 records and change their grades, GCHQ’s National Cyber Security Centre says.

The incident, which resulted in disciplinary action for the school by the Information Commissioner’s Office, is used as one of four real-life case studies given as part of the Government’s new training programme.

The initiative was launched yesterday and school staff are being urged to take part in the free training to improve their defence against online attacks.

Data from the NCSC, which was set up in 2016, shows that 83 per cent of schools experienced some form of cyber security incident in 2019 and less than half of schools say they are confident they are prepared for a cyber attack.

A student hacked into a teacher’s computer and changed grades after finding the password on a note stuck to a laptop it has been revealed as the Government’s National Cyber Security Centre has launched new training programme for teaching staff after an increase in attacks

Another case study from the training details how an unencrypted USB stick containing sensitive pupil data was lost after it was taken off school grounds.

The stick was eventually found by a member of the public who handed it back to the school and reported it to the Information Commissioner’s Office.

Sarah Lyons, NCSC Deputy Director for Economy and Society Engagement, said: ‘It’s absolutely vital for schools and their staff to understand their cyber risks and how to better protect themselves online.

‘That’s why we’ve created an accessible, free training package offering practical steps on cyber security to help busy professionals boost their defences.

‘By familiarising themselves with this resource, staff can help reduce the chances of children’s vital education being disrupted by cyber criminals.’

The training, available from shines a light on the main threats schools face and outlines the severe impact cyber incidents can have, with one case study showing how a school lost a substantial sum in school fees after reception staff fell victim to a phishing scam.

Data from National Cyber Security Centre, which is part of GCHQ (pictured), shows that 83% of schools experienced an attack in 2019 while less than half feel prepared to deal with one

Data from National Cyber Security Centre, which is part of GCHQ (pictured), shows that 83% of schools experienced an attack in 2019 while less than half feel prepared to deal with one

After tricking the independent school into sharing all parents’ contact details, the parents were then emailed by the criminals and send their school fees to a new account by someone claiming to be from the school.

The account belonged to the imposters and the parents’ details were also sold on for the purpose of identity fraud.

The final case study detailed how a fraudster contacted a school claiming to be from the Department for Education and asked for the headteacher’s email address and the head of finance’s contact details.

The fraudster then emailed ransomware to the headmaster which encrypted all files across the school’s entire network.

To unlock the files, the criminal demanded £8,000 in cryptocurrency from the school. 

Schools Minister Nick Gibb said: ‘It is vital that schools have robust cyber security in place, and these new resources and training will help staff to increase protection from attacks.

‘This training will boost support for schools, giving teachers the tools and skills they need to identify possible risks.

‘I would strongly encourage all schools to adopt the resources and all staff to complete the training to make sure data is protected.’

The launch of the training builds on a raft of support given to schools since research commissioned by the NCSC in 2019 found 92 per cent of UK schools would welcome more cyber security awareness training for staff.