Cyber Incident Victim: Mossbourne Federation

Date: Sep 2022

Location: United Kingdom

Summary

A cyberattack targeting Mossbourne Federation and multiple other UK schools involved the theft and dark web leak of highly sensitive data by the hacking group Vice Society. Compromised information included children's special educational needs records, passport scans, staff payroll details, contracts, and internal administrative documents. The attackers disrupted the victim's IT systems and communications, forcing temporary workarounds like alternative email channels. Following the breach, the organization engaged cybersecurity specialists and forensic investigators to restore systems, assess the data exposure, and notify affected individuals while coordinating with law enforcement and regulatory authorities. The incident exemplified broader targeting of educational institutions with limited cybersecurity resources.

Description

The Mossbourne Federation was among 14 UK educational institutions compromised in a cyber attack by the Vice Society hacking group, with the incident timeline indicating initial system breaches around late September 2022. Attackers exfiltrated highly sensitive data including children's special educational needs (SEN) information, passport scans of students and parents dating back to 2011, staff payroll details, employment contracts, and internal documents regarding headteacher compensation and student bursary recipients. The hackers employed broad search terms to identify and steal folders labeled with generic names like "passports," "contract," and "confidential," resulting in comprehensive data theft across multiple years. At Pate's Grammar School, which shared an identical attack pattern with Mossbourne, systems became inaccessible on September 28 when IT infrastructure failed, forcing temporary communication through newly created Gmail accounts. By October 7, forensic analysis confirmed unauthorized third-party access, though initial assessments incorrectly claimed no data theft had occurred.

After ransom demands went unmet, Vice Society published stolen documents on dark web platforms that are inaccessible through conventional browsers, with Mossbourne's data appearing alongside materials from 13 other institutions. The School of Oriental and African Studies confirmed 18,680 files were leaked in its parallel September 2022 breach, including staff contracts and budget documents. Impacted organizations initiated coordinated responses involving cybersecurity forensic specialists, system restoration efforts, and mandatory reporting to the Information Commissioner's Office and local police authorities. Mossbourne and other institutions notified affected students, parents, and staff about the exposure of personal data while working to rebuild compromised Microsoft Teams infrastructure critical for teaching operations. The FBI had previously issued alerts about Vice Society's targeting of under-resourced educational entities, with the group's prior theft of 500GB from Los Angeles Unified School District demonstrating its operational scale. All breached UK schools emphasized ongoing collaboration with law enforcement and cybersecurity experts to contain the incident, though the dark web publication permanently exposed sensitive personal identifiers and institutional records.