14 UK Schools Confidential Documents Leaked By Hackers

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Jan 06, 2023 07:16 am PST

Private information about young students was posted online as a result of a cyberattack that targeted schools across the nation. A major cyber-attack that affected 14 UK schools led to the disclosure of private student records.

Hackers exposed staff contracts and child passport scans that had been used for field trips on the internet. Documents included information about children’s special needs, contact details, including the headmaster’s pay, and receipts from the bursary fund. The data was first taken in 2022, possibly by the hacking organization Vice Society, but it has since been leaked online when schools refused to pay the demanded ransom.

The BBC reports that a number of high-profile cyberattacks on US and UK schools over the past few months have been spearheaded by the hacker gang. The Vice Society just stole 500 terabytes or so of data from the Los Angeles Unified School District, according to Wired. According to reports, the FBI has already issued a notice over the group’s activities.

As Predicted By Experts, High Attacks On Schools

The education industry is an attractive target for malicious cybercriminals because of the significant amount of sensitive data held on school and university networks, according to Achi Lewis, Area VP EMEA for Absolute Software. Because ransomware attacks are inevitable, educational institutions must be ready to avoid and respond to them. Otherwise, they run the risk of having their information stolen and disclosed.

“Robust network resilience, built on a foundation of strong user verification to prevent hostile actors from penetrating a network, is required to prevent a compromise of IT systems. For instance, Resilient Zero Trust checks users’ identities on a case-by-case basis, monitoring network and application access for odd activity and notifying centralized IT teams of any questionable conduct. Then, to stop threat actors from moving laterally across a network to do more harm, these teams can freeze or shut down potentially compromised devices.

“Recovery from a ransomware assault is a challenging undertaking, so it’s crucial for organizations to be ready to respond when one occurs. Schools and universities must make sure they have response mechanisms in place because the investigation, remediation, and recovery may take years after the initial attack, which itself may be many months.

The schools attacked include the following listed below: 

  • Carmel College.
  • St Helens.
  • Durham Johnston Comprehensive School.
  • Frances King School of English, London/Dublin.
  • Gateway College, Hamilton, Leicester.
  • Holy Family RC + CE College, Heywood.
  • Lampton School, Hounslow, London.
  • Mossbourne Federation London.
  • Pilton Community College, Barnstaple.
  • Samuel Ryder Academy.
  • St Albans, School of Oriental and African Studies London.
  • St Paul’s Catholic College.
  • Sunbury-on-Thames.
  • Test Valley School, Stockbridge.
  • The De Montford School, Evesham.

Demands Made By Vice Society Following The Attack

The Vice Society demanded money following the hack in order to stop documents from being made public on the dark web. Hackers have posted highly private papers from 14 schools across the UK online, the BBC has learned. The cyber-terrorist organization called Vice Society has been ruthlessly attacking educational institutions around the world, including the UK and the USA. The gang compromises victims’ systems by taking advantage of known vulnerabilities.

It disclosed data stolen from the Los Angeles Unified School District in an earlier campaign (LAUSD). The FBI warned that the organization was primarily targeting schools after the attack. When Xavier University in Ohio declined to pay the gang’s demands for ransom last month, the group claimed that it had exposed private information on students and staff there.

The threat organization publishes information about the dark web, a section of the internet that search engines do not use as an index. On the dark web, any cybercriminal may acquire stolen data and use it for their own ends, including selling it to others.


Private information, including children’s passports and job contracts, was made public as a result of a large cyberattack that affected 14 UK schools. The data was first stolen in 2022 by the hacker group Vice Society, but after schools declined to pay the required ransom, the information was later released online. This attack serves as yet another reminder of how sophisticated and well-targeted cyberattackers’ attack techniques are growing. Education institutions must be aware of the easy yet solid measures that can be taken to stop a data breach from happening.

Notify of
8 Expert Comments
Oldest Most Voted
Inline Feedbacks
View all comments
Jamie Akhtar
Jamie Akhtar , CEO and Co-founder
InfoSec Expert
January 19, 2023 12:17 pm

“Schools are fast becoming a favoured target of cybercriminals. Not only do they typically process reams of sensitive data but, due to tightening budgets, they also often lack robust cyber defences. And, even when these defences are in place, with so many staff and pupils accessing a network it can be difficult to manage cyber risk. 

This research demonstrates that while schools are seemingly aware of the need for good cybersecurity practices, they’re less confident about the practicalities of preventing and planning for a successful attack. 

The best way to counter this is through schemes like the government’s Cyber Essentials certification, which helps organisations put the basics in place, and more widespread cyber awareness training. Cybersecurity doesn’t have to be complex or confusing but it’s clear many schools need help to adopt the practices that will keep them and their pupils safe.”

Last edited 4 months ago by Jamie Akhtar
Steven Wood
Steven Wood , EMEA Director
InfoSec Expert
January 9, 2023 3:07 pm

“It’s unsurprising that education institutions continue to be targets for cybercriminals, especially considering they can be large, extensive organisations that are hard to administer and secure. Balancing resources between their mission of educating their students and the need for cybersecurity is an ongoing challenge.
As the education sector is a huge pool of highly sensitive data, often pertaining to vulnerable individuals, we recommend that all schools take real action for cyber resilience to protect students and staff. Often, precious data is sat on individual students’ laptops or desktops as well as institutional servers, so monitoring of access related to personal devices and the massive challenge of mis-managed or stolen credentials can pose real difficulties for IT departments. A holistic cyber resilience approach which includes proactive security measures, reactive recovery process as well as good IT-Hygiene discipline, is essential in defending afainst these targeted attacks.
Staff training is also an important measure when defending against cyber criminals. The training materials used in these need to be updated continuously to reflect the latest threat trends, and regular simulations should be run to ensure that the training has the desired effect. In summary, educational institutions need to ensure they are not the low-hanging fruit that makes easy pickings for cybercriminals.”

Last edited 4 months ago by Steven Wood
Rebecca Moody
Rebecca Moody , Head of Data Research
InfoSec Expert
January 9, 2023 3:06 pm

“The BBC’s findings takes the total number of ransomware attacks on schools in 2022 to 98–according to Comparitech’s worldwide ransomware tracker (which is based on publicly-confirmed attacks). The UK accounts for 16 of these attacks, while the US accounts for more than half (53) of these attacks. 

Furthermore, while we have noted a decline in the number of publicly-confirmed ransomware attacks in 2022, the number across educational institutions remained high (only dropping from 105 in 2021 to 98 in 2022–with more likely to be reported in the coming months for 2022). In fact, over the past four years, ransomware attacks on schools have remained rather consistent (102 in 2019, 113 in 2020). 

On average, hackers stole over 50,000 records in each attack in 2022 with nearly 665,000 records impacted in total (where reported). The average ransom demanded from educational institutions in 2022 was $1.25 million. Vice Society was also the most prolific (in these publicly-confirmed attacks), accounting for 25 in total. 

Some of the attacks noted by the BBC have previously been reported on. Durham Johnston’s attack reportedly took place in January 2022, Carmel’s in April 2022, and De Montfort’s, Mossbourne’s, St. Paul’s, and Pilton’s in May 2022.”

Last edited 4 months ago by rebecca.moody
Jamie Akhtar
Jamie Akhtar , CEO and Co-founder
InfoSec Expert
January 9, 2023 3:05 pm

“This is another sorry example of cybercriminals targeting the education sector. And, unfortunately, it’s part of a much larger trend. Over the past few years, we’ve seen these kinds of attacks target schools, colleges and universities more and more. The fact that highly sensitive information on children, including passport scans, have been exposed as part of this breach is particularly concerning. Children are among the most vulnerable victims of cybercrime and additional safeguards have been established as a requirement by the Information Commissioner’s Office as a result. Schools need to be aware that any information on special education needs would also be categorised as health data; therefore, calling for further security measures.

The motivations behind these attacks are simple: education providers process large amounts of incredibly sensitive data and, due to stretched budgets, don’t always have the strongest defences. In other words, they make an enticing target for would-be ransomware attackers and other cybercriminals. 

However, it’s also important to state that in this instance, the schools affected seem to have reacted to the breach in the right way. Notifying the ICO, blocking remote access and resetting all login credentials are important steps to isolating and minimising the damage. Moving forwards, schools should be more proactive in following government guidelines, and in particular, achieve and maintain Cyber Essentials.”

Last edited 4 months ago by Jamie Akhtar
Piers Wilson
Piers Wilson , Head of Product Management
InfoSec Expert
January 9, 2023 3:04 pm

“Many organisations hold sensitive data and as some get more secure and improve defences, others become more likely to fall prey to hackers as they seek out lower hanging fruit, as highlighted by the attacks that The Vice Society appear to be carrying out on schools.
“Large organisations might have considerable resources to use to protect themselves, but any organisation can be targeted by ransomware whether they have the resources to pay ransoms and secure themselves or not. The next victim might not even see their data as particularly sensitive or worthwhile for hackers to steal, but a crippling ransomware attack could still leave them in severe jeopardy. In the case of schools, breaches could leave children’s identities being compromised for the rest of their lives, so it’s critical that their personal data is protected.
“All organisations, including schools, need to ensure that at the very least they have in place the basic, most straightforward cyber defence best practices, especially around password hygiene, patching, administrative account management, controls on software and application use and multi-factor authentication for remote access.” 

Last edited 4 months ago by Piers Wilson

Recent Posts

Would love your thoughts, please comment.x