Schools in the UK have suffered a cyberattack, and confidential documents have been leaked online by cybercriminals.
A report from the BBC claims that children’s SEN information, child passport scans, staff pay scales, and contract details have been stolen by notorious cybercrime group Vice Society
Pates Grammar School in Gloucestershire is one of 14 to have been impacted by the data breach, with Vice Society hackers using generic search terms to steal documents. “One folder contains passport scans for pupils and parents on school trips going back to 2011, whereas another contains contractual offers made to staff alongside teaching documents on muscle contractions. Another folder contains documents on the headmaster’s pay and student bursary fund recipients.
The hack at Pates is estimated to have taken place on September 28 before data was published on the dark web. The UK Information Commissioner’s Office and Gloucestershire Police confirmed they were investigating the alleged breaches in 2022.
Alongside information from Pates, it has been claimed to have found confidential documents purporting to be from the following establishments:
- Carmel College, St Helens
- Durham Johnston Comprehensive School
- Frances King School of English, London/Dublin
- Gateway College, Hamilton, Leicester
- Holy Family RC + CE College, Heywood
- Lampton School, Hounslow, London
- Mossbourne Federation, London
- Pilton Community College, Barnstaple
- Samuel Ryder Academy, St Albans
- School of Oriental and African Studies, London
- St Paul’s Catholic College, Sunbury-on-Thames
- Test Valley School, Stockbridge
- The De Montfort School, Evesham
School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable, but the opportunistic targeting often seen with cybersecurity can still put school districts with robust cybersecurity programs at risk. They are lucrative targets.