A school in Coventry was hit by cybercriminals three separate times – all because of weak password practices and not using multi-factor authentication (MFA).
According to the UK’s Information Commissioner’s Office (ICO), the repeated attacks on Finham Park Multi Academy Trust affected the personal data of at least 1,843 people. It wasn’t until after the third breach that the school finally introduced proper cybersecurity measures.
What Went Wrong?
The ICO said that the school:
- Didn’t enforce strong password policies
- Allowed password reuse
- Failed to lock out accounts after multiple failed login attempts
- Used reversible encryption, making stored passwords easier to steal
- Didn’t train staff on basic cyber hygiene
As a result, attackers were able to compromise systems repeatedly using common, avoidable methods.
The Commissioner criticised the school for ignoring previous guidance, saying this made the situation more serious. “Where advice is not followed,” the ICO stated, “this will be taken into account as an aggravating factor.”
MFA Could Have Prevented it
Security experts agree that using multi-factor authentication (MFA) – which requires an extra login step beyond just a password – could have made these attacks much harder to carry out.
Sadly, the school only rolled out MFA and basic monitoring tools after the third attack.
This case highlights the real-world consequences of overlooking simple, well-known security practices. Cybercriminals actively target schools and public sector organisations because they know many lack funding, time, or awareness when it comes to cybersecurity.
A Wake-Up Call for the Education Sector
This isn’t just a Coventry problem. Schools across the UK and beyond are increasingly being targeted. And while funding and resources can be tight, the basics – like unique passwords, account lockout policies, and MFA can go a long way in preventing attacks.
Cybersecurity isn’t just an IT issue anymore – it’s a critical part of protecting students, staff, and communities.
How Can we Help?
At DTE, we work with schools, colleges, and trusts to help them build simple, cost-effective cybersecurity solutions. As a Gold Partner of RSA Security, we deliver proven tools like MFA, credential monitoring, and secure access management – all tailored to the needs (and budgets) of education providers.
If you want to make sure your systems are protected from the basics to the advanced threats, speak to us today. We’re here to help you stay secure and compliant.
