St Anne's Catholic School in Southampton, UK, has become the latest victim claimed by the Lynx ransomware gang, which alleges it stole confidential information, financial data, and contracts during a March 2026 attack. The school, which serves over 1,200 students aged 11 to 18, was forced to close for four days before reopening on March 27. Parents were notified of the incident via email on March 22.

Headteacher Julian Waterfield has consistently maintained that no data breach occurred, stating in an April 17 update that the impact was limited to temporary loss of network control affecting teaching resources, internet access, and safeguarding systems. However, the school has not confirmed or denied Lynx's specific claims, nor disclosed whether any ransom was paid. Comparitech has reached out to the school for additional information.

Lynx typically executes attacks in two stages. First, the group encrypts victim systems and demands payment for decryption. Second, if initial ransom demands are not met, the attackers threaten to release or sell stolen data on the dark web. Threat actors often maintain persistent access to compromised networks for extended periods before triggering encryption, allowing ample time to exfiltrate sensitive information.

Since establishing its data leak site in July 2024, Lynx has been linked to 389 attacks, with 58 confirmed by affected organizations. The group primarily targets government entities and manufacturers, making the St Anne's incident its first confirmed attack on an educational institution. Lynx is believed to be a spinoff of the INC ransomware group and operates a Ransomware-as-a-Service model, where affiliates receive a portion of ransom payments for deploying the group's malware and infrastructure.

The UK has experienced 120 ransomware attacks in 2026 to date, with six confirmed by victims. Recent confirmed incidents include attacks on technology firms Distinctive Systems and Adaptavist, automotive data provider Autovista, architecture firm Urban Edge Architecture, and sports organization England Hockey. Security experts recommend organizations implement robust backup systems, network segmentation, and incident response plans to mitigate ransomware risks.

Source: https://www.comparitech.com/news/ransomware-gang-claims-attack-and-data-theft-from-uk-city-school/