Cookie options
Toggle mobile menu visibility

Dealing with emergencies - Cyber Security

Image representing cyber security

Cyber incident affecting school systems

We are responding to a cyber security incident affecting some school systems, which has resulted in unauthorised access to some personal data.

The incident was initially identified in April 2026 and was contained quickly. Immediate and robust action was taken to secure systems and limit further impact. Specialist experts and partners are supporting a detailed and ongoing investigation.

Early findings confirm that some personal data relating to pupils, staff and others connected to the school has been accessed from one school. Work is ongoing to fully understand the scope of the incident and identify all those affected.

We understand that this incident will be very concerning for parents, staff and the wider community. We want to reassure people that immediate action was taken to secure systems, and a full investigation is underway with specialist support.

We are contacting affected individuals directly where necessary and providing advice on steps they can take to protect themselves.

The safety and wellbeing of pupils and staff remain our absolute priority, and we are committed to being transparent as our investigation progresses and will continue to support our schools throughout.

Schools remain open and operational, and there is no evidence of disruption to education provision.

Q: What exactly has happened?

A: We have identified a confirmed cyber security incident, detected in April 2026, involving unauthorised access to some school systems and personal data. We are working with specialist experts and partners, including the police, to investigate how this happened and the full extent of the data involved.

Q: What kind of data has been accessed?

A: Our investigation is ongoing, but it includes data relating to pupils and staff. Because of the sensitivity of the information, we are not providing detailed breakdowns publicly, but we are contacting affected individuals directly.

Q: How many people are affected?

A: Because of the sensitive nature of this matter, we are not at this point able to confirm the scale of the incident or share detailed information publicly. Affected families are being contacted directly.

Q: Which schools are affected?

A: Overall, 12 schools were affected by the cyber security incident, but, based on the information available to us at this time, data was only compromised at one of those schools. Because of the sensitive nature of this, we are not naming specific individuals or sharing detailed information publicly. Affected families are being contacted directly.

Q: When did this happen? Why are you only telling people now?

A: As soon as we became aware of the incident in April 2026, we acted quickly to contain it and begin a detailed investigation. This process takes time to ensure we fully understand the situation and can share accurate information without creating any further risk. We are committed to keeping people informed and are providing updates as soon as it is appropriate to do so.

Q: Have you reported this to the ICO?

A: Yes. The incident has been reported to the Information Commissioner's Office (ICO), and we are maintaining contact with them, and complying with all relevant legal and regulatory requirements.

Q: Are schools safe to attend?

A: Yes. Schools remain open and there is no evidence that this incident is affecting the day-to-day safety or operation of schools.

Q: Has sensitive or safeguarding-related data about children been exposed?

A: We understand the concern around this. Because of the sensitive nature of the data, we are not sharing specific details publicly. However, safeguarding is our absolute priority, and we are assessing risks carefully and contacting individuals directly where any additional support may be needed.

Q: Who is responsible for this breach? Was this a failure by the council?

A: Our focus is on responding to the incident and supporting those affected. The investigation into how this happened is ongoing, with specialist cyber experts, and it would not be appropriate to speculate at this stage.

Q: Was this caused by a cyber-attack (e.g. ransomware)?

A: The investigation is ongoing, and we are working with specialists and partners, including the police and their Regional Organised Crime Unit, to establish the exact nature of the incident.

Q: Could this have been prevented?

A: There are robust security measures in place, but unfortunately cyber incidents are an increasing risk for all organisations. We are working with schools and their IT partners to review all aspects of their systems and processes as part of the investigation and will take any further action required.

Q: Why should parents trust schools with their children's data?

A: We understand that trust is critical. We acted immediately to help secure systems, we are working with leading specialists, and we are taking all necessary steps to continue to strengthen security and protect data going forward.

Q: Are individuals at risk of identity theft or harm?

A: At this stage, the level of risk will vary depending on the individual. We are assessing this carefully and contacting those affected directly with tailored advice and support where needed.

Q: Why weren't those affected contacted sooner?

A: Although immediate and robust action was taken to contain and secure systems as soon as the incident was detected in April 2026, the full investigation, supported by specialist expertise, has required time to determine the overall impact of the cyber incident, including identifying the data affected and those impacted.

Q: Are you offering support?

A: Yes, support is being put in place for affected individuals, and we will provide clear advice and guidance directly to them.

Q: I'm worried about my data, what can I do to keep safe?

A: It's always good to be cautious over your personal data. This includes being careful when receiving unexpected emails, text messages or phone calls, avoiding sharing personal information unless you are confident the request is genuine, and report any suspicious emails.

Follow these top tips for staying secure online: https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online

Q: Have you informed all those affected yet?

A: We are prioritising contact with those most directly affected. This is being done carefully to ensure people receive accurate and helpful information, providing details of the data involved where appropriate and guidance on steps they can take to protect themselves.

Q: Is my child affected?

A: We're contacting individuals directly where needed. You can also contact education@powys.gov.uk if you're concerned.

Q: Is this going to cost the council money?

A: Our priority is managing the incident and protecting those affected. Any financial implications will be considered as part of the ongoing response and recovery process.

Q: Will anyone be held accountable?

A: It is important that we complete a full and thorough investigation first. We will take appropriate action based on the findings.

Share this page