Cyber Incident Victim: Lampton School
Date:
Sep 2022
Location:
United Kingdom
Summary
A UK secondary school in London was among multiple educational institutions targeted in a cyberattack by the Vice Society hacking group, resulting in significant data theft and system disruption. Sensitive information including students' special educational needs records, passport scans, staff contracts, and financial documents were exfiltrated and later leaked on the dark web. The incident caused operational outages affecting communication systems and digital learning platforms, forcing temporary alternative measures. Forensic investigators collaborated with authorities to restore systems while assessing the breach's scope. This attack formed part of a broader campaign targeting under-resourced schools in multiple countries, exploiting limited cybersecurity protections to steal highly personal and institutional data for extortion purposes.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The Lampton School in Hounslow, London, was among 14 UK educational institutions compromised in a cyber attack by the hacking group Vice Society, with stolen documents leaked on the dark web. The group, known for targeting schools in the UK and USA, employed a ransomware model, exfiltrating sensitive data before demanding payment and threatening publication. While Lampton's specific breach timeline remains undisclosed, the broader incident pattern indicates attacks occurred in 2022, with Vice Society leaking data from multiple schools by early 2023. At Pates Grammar School—one confirmed victim—attackers infiltrated systems on or around September 28, 2022, disrupting IT infrastructure and phone lines. Hackers extracted 500GB of data from some institutions, including children’s special educational needs (SEN) records, passport scans, staff contracts, payroll details, and internal administrative documents. At Pates, compromised folders dated back to 2011, exposing pupil passport copies from school trips, headteacher salary information, student bursary recipients, and staff teaching materials. The School of Oriental and African Studies (SOAS) separately confirmed a September 2022 breach involving 18,680 leaked files, including staff contracts and budget documents. Vice Society published the stolen data on its dark web site, which requires specialized software to access, limiting visibility to technically proficient users.
Affected institutions, including Lampton School, initiated response protocols upon detecting breaches. Pates Grammar School notified parents via email on September 28 about IT outages, later confirming unauthorized access on October 7 and data theft by October 12. The school engaged cybersecurity specialists and forensic investigators to restore systems, mitigate disruption, and assess the stolen data’s scope. SOAS notified staff and students of its breach, characterizing it as a "limited" incident despite the volume of leaked files. Both schools reported the incidents to the UK Information Commissioner’s Office (ICO) and law enforcement, with Gloucestershire Police confirming an investigation into the Pates breach. No public statements from Lampton School were documented, though its inclusion in Vice Society’s leak list confirms its involvement. The attacks disrupted educational operations, particularly at Pates, where Microsoft Teams–dependent teaching materials became inaccessible. Ross Brewer of SimSpace noted the education sector’s vulnerability due to limited cybersecurity resources, emphasizing the high value of stolen personal data. The ICO monitored all breaches but did not disclose enforcement actions. By January 2023, Pates had restored critical systems while continuing forensic analysis, though stolen data remained publicly accessible on the dark web.