Confidential documents from 14 UK schools leaked by hackers following cyber-attack

14 UK schools have fallen victim to a major cyber-attack, resulting in confidential documents, including children’s passport scans and staff contracts, being leaked.

The data was originally stolen in 2022, with hacking group Vice Society thought to be involved, but has now been leaked online after schools failed to pay the ransom demands set out.

The documents contained data such as children’s SEN information, staff contract details, including the headmaster’s salary, bursary fund receipts, and children’s passport scans which had been used for school trips.

Achi Lewis, Area VP EMEA for Absolute Software, commented: “The education sector is a lucrative target for malicious cyber-criminals due to the large volume of sensitive data stored on school and university systems. As a result, ransomware attacks are a case of when, not if, which demands educational institutions to ensure they are prepared to both prevent and respond to these attacks, else they risk having documents stolen and leaked.”

“Preventing a breach of IT systems requires strong network resilience, built on a platform of strong user verification to stop malicious actors breaching a network. Resilient Zero Trust, for example, works to verify users on a case-by-case basis, scanning for unusual activity in network and application access and alerting centralised IT teams to suspicious behaviour. These teams can then freeze, or shut down, potentially compromised devices to prevent threat actors from moving laterally across a network to cause further damage.”

“Recovery from a ransomware attack is a complex task so it is also important for organisations to prepare to react to these attacks when they happen. The investigation, remediation, and recovery can take years after the initial attack, which in itself can last several months, so schools and universities must ensure they have response protocols in place. Technology with self-healing capabilities can repair and re-protect breached devices to help restore both device and network resilience in order to prepare against repeat threats.”

The schools attacked included: Carmel College, St Helens; Durham Johnston Comprehensive School; Frances King School of English, London/Dublin; Gateway College, Hamilton, Leicester; Holy Family RC + CE College, Heywood; Lampton School, Hounslow, London; Mossbourne Federation, London; Pilton Community College, Barnstaple; Samuel Ryder Academy, St Albans; School of Oriental and African Studies, London; St Paul’s Catholic College, Sunbury-on-Thames; Test Valley School, Stockbridge; The De Montfort School, Evesham.