Ransomware: rhysida claims Tower View Primary School (GB) — Education

On 15 May 2026, a ransomware incident involving the Rhysida group was reported against Tower View Primary School in Great Britain, published on the ransomware.live tracking site under the BREACH framework. This event highlights a growing trend of cyberattacks targeting educational institutions, which are increasingly being treated as critical infrastructure by EU regulators. The publication confirms that sensitive data from the school was exfiltrated and threatened for release, underscoring the real-world impact of ransomware on public sector entities.

This change affects primary and secondary schools, universities, and other educational organisations across the EU and UK, as well as their data processors and cloud service providers. The education sector is now a high-priority target for ransomware groups, meaning compliance teams in these organisations must reassess their exposure under frameworks like GDPR, NIS2, and the EU Cyber Resilience Act. The incident also signals that regulators may intensify scrutiny of data protection measures in schools, especially regarding student and staff personal data.

Compliance teams should immediately verify that their incident response plans include ransomware-specific playbooks, particularly for data exfiltration scenarios. They should conduct a gap analysis of their backup and recovery procedures, ensure multi-factor authentication is enforced across all systems, and review third-party vendor security postures. Additionally, teams should prepare for potential regulatory reporting obligations under GDPR’s 72-hour breach notification rule and consider engaging with national cybersecurity authorities for threat intelligence sharing.