Cyber Incident Victim: SOAS University of London
Date:
Sep 2022
Location:
United Kingdom
Summary
The University of London School of Oriental and African Studies suffered a cyberattack by the Vice Society hacking group, resulting in the theft and subsequent leak of sensitive internal data. Staff contracts, budget details, and approximately 18,680 other files were compromised and published on the dark web. The institution confirmed the breach, notified affected staff and students, and implemented measures to prevent further escalation, characterizing it as a limited data breach. Forensic investigators were engaged to secure systems, restore operations, and minimize disruption, with ongoing support offered to impacted individuals. The incident mirrored broader targeting of educational institutions by cybercriminals exploiting sector-specific vulnerabilities in IT resources.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In September 2022, the University of London’s School of Oriental and African Studies (SOAS) suffered a cyberattack attributed to the hacking group Vice Society. The breach resulted in unauthorized access to internal systems and the exfiltration of approximately 18,680 files, including sensitive staff contracts and budget details. Vice Society, known for targeting educational institutions in the UK and US, leaked the stolen data on the dark web—a hidden internet segment requiring specialized tools to access. The group’s modus operandi involved stealing data, issuing ransom demands, and publicly leaking information if payments were not made, as evidenced in prior attacks like the 500-gigabyte theft from the Los Angeles Unified School District. SOAS confirmed the incident disrupted operations but stated measures were taken to prevent further escalation. The compromised data included internal administrative documents, though the breach was characterized as “small” and “limited” to files on internal storage. Specifics regarding initial intrusion vectors or ransom demands to SOAS were not disclosed in available reports.
SOAS notified affected staff and students promptly after confirming the breach and initiated direct communication with individuals whose data was exposed. The institution collaborated with cybersecurity specialists to conduct forensic analysis, restore key systems, and implement additional safeguards. While phone lines and IT systems faced temporary disruptions, SOAS minimized operational impacts and maintained continuity using alternative communication channels like temporary email accounts. The school reported the incident to the UK Information Commissioner’s Office (ICO) and law enforcement, aligning with regulatory requirements. Investigations by the ICO and local police into the broader Vice Society campaign, including attacks on 13 other UK schools like Pates Grammar School, were ongoing as of early 2023. SOAS emphasized ongoing support for affected parties but did not disclose financial losses, detailed remediation costs, or long-term technical countermeasures beyond asserting system security had been reinforced. The leak exposed sensitive institutional and personal data to a limited dark web audience, though broader public dissemination was not confirmed.