A cyber-attack on a leading postgraduate law school has left students unable to access course work as exams loom, the Gazette has learned. 

'All our course work is locked or blocked,' one student told the Gazette this morning. 

Internal messages seen by the Gazette confirm an IT ‘outage’ and state that: 'Unfortunately, following investigation into the IT issues and service outage we have been experiencing, we can confirm that BPP has been subject to a cyber-security incident whereby our systems were accessed by an unauthorised third party. 

BPP sign

Source: Alamy

'We are working closely with cyber-security specialists to conduct a thorough assessment of the incident and the nature and extent of any data affected. Investigating an incident like this is very complex and takes significant time.' 

Students are due to sit legal practice exams this month. 

BPP was acquired by private equity company TDR Capital in 2021. The university has around 21,000 students, studying across 13 centres, in eight locations across England and online around the world; over 83% are on postgraduate programmes. 

In a statement, BPP said:  'Following investigation into the IT issues and service outage we have been experiencing, we can confirm that BPP has been subject to a cyber-security incident whereby our systems were accessed by an unauthorised third party. Since we first identified network issues, BPP has been working closely with external specialists to bring our systems safely back online. We rapidly implemented interim solutions to ensure that students and colleagues have been inconvenienced as little as possible.

'We are pleased to say the majority of our core systems and network infrastructure are now securely restored. Teaching has been largely unaffected, and we have taken steps to ensure that no student is disadvantaged.

'We are working closely with cyber-security specialists to conduct a thorough investigation into the incident and the nature and extent of any data affected. If necessary, and in line with our legal obligations, we will contact those affected as soon as we can and provide the appropriate guidance and support.

'We have informed the relevant authorities and will be keeping them updated of any new developments.'

In June the National Cyber Security Centre updated its guidance to the legal sector, warning that it is a particular target for crimes such as 'phishing' and  'ransomware' attacks. 

 

This article is now closed for comment.