A major secondary school in Nuneaton, Warwickshire, has suspended on-site teaching after a cyberattack disabled all core digital infrastructure, including safeguarding, attendance and emergency communication systems, making it legally impossible to operate, according to Higham Lane School and its governing Central England Academy Trust. The newsroom reports this, citing Computing UK and Cybernews.
The attack was identified over the weekend of 3–4 January, just before pupils were due to return from the Christmas break. On Monday, 5 January 2026, senior leaders took the decision to isolate and shut down the entire school network to prevent further compromise, effectively forcing the school to close, The WP Times reports, referencing coverage by Computing UK and Recorded Future’s The Record.
Institutional and geographic context
Higham Lane School is a large co-educational academy serving around 1,470 to 1,500 pupils aged 11–18 in north Warwickshire, central England. It operates under the Central England Academy Trust, a multi-academy group responsible for schools across the Midlands.
The closure decision was taken by headteacher Michael Gannon following consultation with trust leadership and external cybersecurity advisers.
Operational impact
The cyberattack rendered the school unable to access or operate:
- Telephone and voicemail systems
- Staff and student email
- Digital attendance and safeguarding registers
- School management and administrative platforms
- Google Classroom
- Microsoft SharePoint
- Internal staff networks
These systems are not optional. Under UK regulation, they form the backbone of safeguarding, attendance compliance, medical oversight and emergency response. Without them, the school cannot legally or safely supervise pupils.
Why the shutdown was unavoidable
UK education law requires schools to maintain continuous access to:
- Live attendance and location data
- Medical and special educational needs (SEN) records
- Safeguarding alerts
- Emergency contact and escalation systems
With all of these disabled, Higham Lane School could not confirm who was on site, who required medical support, or how to respond to emergencies. Continuing to operate would have constituted a breach of statutory duty of care. The closure was therefore not precautionary but legally mandated by the loss of control over safeguarding infrastructure.
Government-level response
The incident has been escalated to national level. The school is working with:
- The Department for Education’s Computer Emergency Response Team (DfE CERT)
- Cybersecurity and IT specialists from the Central England Academy Trust
- External digital forensics and system recovery teams
All staff and pupils have been instructed not to log into any school-linked systems while forensic analysis and network cleansing are underway. In parallel, the school has activated data protection incident protocols, including potential notification to the Information Commissioner’s Office (ICO) should any personal data be confirmed as exposed.
Data security status
As of Wednesday, 7 January, investigators have not confirmed:
- Whether ransomware was deployed
- Whether data was copied or extracted
- Whether pupil or staff records were accessed
Forensic teams are examining system logs, servers and endpoint devices to determine how the breach occurred and what, if anything, was taken.
Reopening timeline
The school initially hoped to reopen this week but has now ruled that out. The current operational plan is for a phased return beginning Monday, 12 January 2026, subject to:
- Rebuilding of core systems
- Independent security validation
- Restoration of safeguarding and attendance platforms
Parents are due to receive a further update on Friday, 9 January.
With the campus closed, pupils have been asked to keep studying from home and to focus on revision and coursework that does not require access to school accounts or internal systems. Exam-year groups — particularly GCSE and A-level students — are being prioritised for guidance and any phased return planning. Families have been advised to use only external learning resources that are not connected to the school’s network, and pupils have been told not to attempt log-ins to platforms such as Google Classroom or SharePoint until further notice. The school’s public website remains available because it does not depend on the affected login infrastructure.
UK schools are increasingly attractive targets for cybercriminals because they hold large volumes of sensitive personal information, including children’s identity and safeguarding data, medical and special educational needs (SEN) records, and home addresses and parent or carer contact details. When these systems are taken offline, the impact is not just inconvenience: schools can become legally unable to operate because they cannot verify attendance, access safeguarding alerts, or reliably manage emergency communications. The Higham Lane School closure is a clear example of how cybersecurity has become a core part of the UK’s education infrastructure — not a peripheral IT issue — with the power to halt normal operations within hours.
Read about the life of Westminster and Pimlico district, London and the world. 24/7 news with fresh and useful updates on culture, business, technology and city life: How did Amazon Fire TV Stick 4K Max become the engine of Amazon’s new AI-powered TV platform