top of page

Mass Leak of Confidential Data from UK Schools

Fourteen schools in the UK have had confidential data leaked following cyber-attacks in 2022.

The leaked data includes students' SEN information, passport scans, and staff pay scales & contract details. This data was leaked after the attacked school refused to pay ransom demands.

The cyber-attacks and subsequent leaks are believed to be perpetrated by the threat actor Vice Society who have conducted numerous ransomware and extortion campaigns targeting education institutions in the UK & US.

The schools impacted by the leak are: Carmel College, St Helens; Durham Johnston Comprehensive School; Frances King School of English, London/Dublin; Gateway College, Hamilton, Leicester; Holy Family RC + CE College, Heywood; Lampton School, Hounslow, London; Mossbourne Federation, London; Pilton Community College, Barnstaple; Samuel Ryder Academy, St Albans; School of Oriental and African Studies, London; St Paul's Catholic College, Sunbury-on-Thames; Test Valley School, Stockbridge; The De Montford School, Evesham.

Many of these schools have informed parents, pupils & staff about the incident.

Cyber-attacks and ransomware heavily target the education sector. A report published by Sophos in July 2022 found that 56% of lower education institutions had been hit by ransomware in the previous year, along with 64% of higher education bodies.

To protect yourself from a data leak, it's essential to:

  • Keep your software and operating system up to date: Cybercriminals commonly exploit vulnerabilities to gain access to sensitive information. Keeping your software and operating system up to date with the latest security patches can help protect you from these exploits.

  • Use a password manager: Strong, unique passwords are a critical line of defence against cyberattacks, but remembering them can be difficult. A password manager can help you generate and store strong, unique passwords for your online accounts.

  • Use Two-Factor Authentication: Whenever possible, enable two-factor authentication (2FA) for your online accounts. This will require anyone trying to log in to your account to provide your password and a second form of identification, such as a fingerprint or a code sent to your phone, making it much more difficult for hackers to access your accounts.

  • Be cautious with emails and attachments: Data leaks often occur when cybercriminals trick people into opening malicious attachments or clicking on malicious links in emails. Be cautious of unsolicited emails and attachments, and never open an attachment or click on a link from an untrusted sender.

  • Use a Virtual Private Network (VPN) when connecting to public Wi-Fi: Public Wi-Fi networks are often unsecured, making it easy for cybercriminals to intercept your internet traffic and steal sensitive information. A VPN encrypts your internet traffic, making it much more difficult for cybercriminals to intercept your data.



bottom of page