Cyber Incident Victim: Merseyside College
Date:
Jul 2022
Location:
United Kingdom
Summary
A ransomware group known as Vice Society leaked sensitive student data on the dark web following attacks on multiple UK educational institutions, including several schools and a sixth-form college, after their ransom demands were refused. The breach exposed personal information belonging to thousands of students across the affected organizations, with the attackers publicly disclosing the stolen data as part of their extortion tactics. This incident highlights the ongoing targeting of educational entities by cybercriminals seeking to exploit institutional data for financial gain.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In July 2022, the ransomware group Vice Society executed a cyberattack campaign targeting multiple educational institutions in the UK, including Merseyside College. The attackers breached the college’s systems, exfiltrated sensitive student data, and subsequently issued a ransom demand. When the institution refused payment, Vice Society published the stolen information on their dedicated dark web leak site. This incident formed part of a broader pattern of attacks by the group, which simultaneously compromised five additional schools: Pilton Community College, The De Montfort School, St Paul’s Catholic College, and Carmel College. The leak exposed personal data belonging to thousands of students across these institutions, though specific data types or volumes were not detailed in available reports.
The public disclosure of student information on the dark web represented the primary confirmed impact, creating risks of identity theft, harassment, or financial fraud for affected individuals. No technical details regarding the initial attack vector, malware used, or internal detection mechanisms were disclosed. The college’s refusal to negotiate with the threat actors constituted the only confirmed response action, consistent with the reported stance of all six targeted institutions. No information was available regarding law enforcement involvement, forensic investigations, or post-incident remediation efforts. The incident highlighted Vice Society’s continued focus on the education sector and their operational tactic of prioritizing data theft and extortion over system encryption in ransomware operations.