IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more
News

Exclusive: European Microsoft 365 outage sent Department for Education’s IT into “meltdown”

Crisis meetings were held as more than 6,000 employees were locked out of email, according to a source

Photo of a Microsoft building with clouds in view

The Department for Education (DfE) endured a 12-hour IT nightmare as a result of last month's European-wide Microsoft 365 outage.

The government department's IT systems were paralysed on 24 January, with more than 6,000 of its employees locked out of their cloud-based Microsoft and email accounts, according to a DfE source, our sister site Cloud Pro has learnt.

Crisis meetings were held throughout the day as officials scrambled with the consequences of a departmental-wide outage entirely out of their hands, and also unexplained at the time.

The civil servant, who requested not to be named, also confirmed that colleagues were forced to share confidential documents using Skype's instant messaging.

"It beggars belief that we were locked out of email for an entire day, the whole department was in meltdown," the source said.

A DfE spokesperson confirmed the department's systems were partially disrupted by the European-wide Microsoft outage on 24 January, and that contingency plans were put in place to mitigate these effects.

"The Department for Education was one of many organisations impacted by Microsoft's Outlook issues on Thursday 24 January," the spokesperson told Cloud Pro. "The impact of disruption to email services was managed and services resumed within 24 hours."

Staff used "smarter working technology" to continue delivering services as smoothly as possible, while "normal business continuity arrangements" were deployed to minimise the impact of disruption to mail services. The spokesperson would not confirm whether the 'businesses continuity arrangements' existed prior to 24 January. The department's video conferencing and shared documents services were unaffected.

The Microsoft 365 outage struck organisations from 9:30am on 24 January, with firms across the continent experiencing severe IT difficulties. Microsoft acknowledged that it was experiencing problems with its services, and engineers worked to restore services at around 8pm the same evening.

"This incident underlines the very real risk authentication delays can have on critical email systems, disrupting government business and preventing officials from sharing confidential information securely," said Centrify's vice president John Andrews.

"With rising levels of cyber attacks, it's vital that all departments ensure privileged access to confidential data is a major priority, so that systems are protected from outsider threats at all times."

The incident demonstrates just how dependent massive organisations, including critical government services, are on third-party cloud vendors to provide an undisrupted service at the risk of sustaining organisational paralysis.

Microsoft also suffered a global authentication-related outage four days later, with users from nations across the world including the US and Japan unable to login to critical cloud-based services.

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Most Popular

Actively exploited server backdoor remains undetected in most organisations' networks
cyber attacks

Actively exploited server backdoor remains undetected in most organisations' networks

1 Jul 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022