Personal data belonging to pupils and staff has been accessed in a cyber security incident affecting school systems across Powys.
Powys County Council has today confirmed that 13 schools were affected by the incident, which was first identified in April 2026. Data was accessed from one of those schools.
The council says immediate action was taken to contain the incident and secure systems, and that specialist cyber security experts and partners are supporting an ongoing investigation. The incident has also been reported to the Information Commissioner’s Office (ICO) and police.
Early findings indicate that personal data relating to pupils, staff and others connected to the school has been accessed, although the council has not confirmed what type of information is involved or how many people are affected.
Families and individuals are being contacted directly where necessary.
Cllr Raiff Devlin, Cabinet Member for Customers, Digital and Community Services and Cllr James Gibson-Watt, Cabinet Member for a Learning Powys, said: “We understand that this incident will be very concerning for parents, staff and the wider community. We want to reassure people that immediate action was taken to secure systems, and a full investigation is underway with specialist support.
“We are contacting affected individuals directly where necessary and providing advice on steps they can take to protect themselves.
“The safety and wellbeing of pupils and staff remain our absolute priority, and we are committed to being transparent as our investigation progresses and will continue to support our schools throughout.”
They council says schools remain open and operational and there is no evidence of disruption to education provision.
They said it is not yet able to confirm the full scale of the incident and is prioritising direct contact with those affected.
A public Q&A published by the council confirms that 13 schools were affected but data was only taken from one. It also states the type of data includes pupil and staff information, but no further detail has been released due to sensitivity.
The council says it is continuing to investigate how the breach happened and will take further action based on the findings.
Reacting to today’s news, Brycheiniog Tawe Nedd MS Iain McIntosh said parents and staff would be “understandably alarmed” and warned that “important questions remain unanswered”.
“The council leadership must be completely transparent about what happened, how it happened, how many people have been affected, and whether this breach could have been prevented,” he said.
“The people of Powys deserve more than carefully worded statements and limited information. They deserve answers, accountability and reassurance that robust measures are now in place to protect sensitive information relating to children and school staff.”
He added he would be seeking further information from the council and pressing for “full transparency”.
Comments
This article has no comments yet. Be the first to leave a comment.