Cyberattack disrupts Northern Ireland school network, affecting thousands of pupils

Around 300,000 pupils and 20,000 teachers rely on the system

A cyberattack on a centralised school IT system in Northern Ireland has caused widespread disruption, leaving hundreds of thousands of pupils and teachers temporarily unable to access essential educational services.

The Education Authority (EA), which manages school support services across the region, said it became aware of the incident last week after the "C2K" network was compromised.

The system, used by most schools, provides access to coursework, teaching materials, exam revision tools and communication platforms.

As a precaution, the EA shut down access to the network while it worked to contain the breach.

Impact on pupils

Around 300,000 pupils and 20,000 teachers rely on the system, although officials have not confirmed how many individuals have been directly affected. The authority said investigations are ongoing and it remains unclear whether any personal data has been accessed.

"The investigation is at an early stage and it cannot yet be confirmed if any personal data has been affected," the EA said in a statement.

The authority has launched a joint investigation with its service provider, Capita, alongside a specialist incident response team.

The nature of the cyberattack has not been disclosed.

Schools across Northern Ireland have been working to restore access, with some opening during the Easter holiday period to help pupils reset passwords and regain entry to their accounts.

At Regent House School in Newtownards, County Down, students returned to campus for technical support.

Daniel, an 18-year-old A-level student, told the BBC the outage had disrupted his coursework plans.

"It was a bit worrying to be honest, because I have coursework due very soon. Contacting teachers via [Microsoft] Teams and getting updates on coursework is what we use to be efficient and getting what we need to done," Daniel said.

More than 300 schools joined an EA webinar on Tuesday to receive guidance on recovery measures.

Officials said that while the incident remains ongoing, there is currently no evidence that data has been stolen or corrupted.

Schools beginning to recover

Eve Bremner of the EA said most schools were beginning to recover.

"It was caught early, we've been advised it was contained, we've moved into that recovery phase now," she told the BBC's Good Morning Ulster programme.

Around 80% of post-primary schools were back online, she said. She also thanked staff who had been working tirelessly to restore services.

In its latest update, the EA said it was making steady progress in restoring systems, prioritising pupils at critical stages of the academic year, particularly those preparing for exams. Efforts to fully restore the network are expected to continue over the coming days.

Officials said they must balance the urgency of reconnecting schools with the need to ensure the system is secure.

The EA has apologised for the disruption and said further updates will be provided as the situation develops.

Schools are easy targets for cybercriminals

Schools are often regarded as attractive targets for cybercriminals, as any disruption has an immediate impact. Their systems store large volumes of sensitive data, and cybersecurity is often managed by relatively small IT teams.

A 2024 government study found that 71% of secondary schools and 97% of higher education institutions had experienced a cyberattack within the previous year.

In 2024, a significant cyberattack disrupted operations at 10 schools in Lancashire. Last summer, a ransomware attack affected 11 schools in Shropshire, preventing pupils from submitting coursework for weeks and disabling printers.