Cyber Incident Victim: Moscow Electronic School
Date: Dec 2022
Location: Russia
Summary
A pro-Ukrainian hacker group known as NLB breached the Moscow Electronic School platform, leaking over three million personal records containing sensitive information such as login credentials, full names, birth dates, government-issued identification numbers, email addresses, and phone numbers. The compromised database reportedly affected a significant portion of Moscow residents, including schoolchildren, with independent verification confirming the presence of legitimate user data despite official denials from authorities regarding the breach's validity. The incident exposed vulnerabilities in the educational platform's security infrastructure, which hosts critical academic records and student portfolios for public school systems.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On December 13, 2022, pro-Ukrainian hacker group NLB publicly released over three million personal records obtained from the Moscow Electronic School (MES) database, a state-operated educational platform serving Moscow public schools. The breach was first reported by Data1eaks and multiple data-industry Telegram channels, which analyzed the compromised dataset containing 17 million lines of information last updated in August 2021. Exfiltrated records included users' login credentials, full names, birth dates, SNILS numbers (Russia's social security identifiers), email addresses, and phone numbers. Data1eaks confirmed the dataset contained 3,317,710 unique phone numbers, indicating widespread exposure of Moscow residents' personal information. A Telegram channel associated with the leak offered a bot service allowing individuals to verify if their phone numbers appeared in the breached data. The Moscow Electronic School platform, which provides digital services to teachers, students, and parents—including electronic class records, student portfolios, and academic materials—had previously experienced operational disruptions, with Russian newspaper Kommersant reporting site outages in September 2022.

The data leak impacted a significant portion of Moscow's population, with observers noting it particularly affected schoolchildren and their families. Multiple individuals independently verified to Meduza that their personal information appeared in the leaked dataset, contradicting official statements from Moscow's IT Department. Authorities denied the breach's validity through state-owned TASS news agency, asserting the leaked materials bore "no relation to actual Moscow Electronic School users and their data." No containment measures or technical remediations were disclosed by officials following the breach disclosure. The incident exposed sensitive identity documents (SNILS) and contact details, creating long-term risks of identity fraud and phishing targeting affected families. The attackers' release of credentials additionally raised concerns about potential unauthorized access to active MES accounts, though no subsequent account compromises were confirmed in available reporting.
