Cyber Incident Victim: Assessment and Qualifications Alliance
Date:
Jun 2023
Location:
United Kingdom
Summary
Hackers breached multiple British exam boards, including OCR, Pearson Edexcel, and AQA, by compromising a school's email system to steal and sell authentic exam papers online during the testing period. Police investigations involving multiple forces and national cybercrime units are ongoing, with no arrests made. The stolen materials, targeting critical qualifications like GCSEs and A-Levels, risked widespread cheating; students found purchasing them face disqualification and bans from retaking exams, potentially jeopardizing university placements. The incidents prompted coordinated responses from exam authorities and law enforcement amid heightened concerns over academic integrity.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In mid-2023, British law enforcement agencies investigated multiple cybersecurity incidents targeting national examination boards during the annual exam season (May 15-June 27). The incidents involved unauthorized access to examination papers from three major boards: OCR, Pearson Edexcel, and AQA. Attackers compromised a school's internal email system to fraudulently request exam papers from OCR and Pearson Edexcel, subsequently selling stolen materials online to students seeking to cheat. A separate incident affecting AQA—Britain's largest exam board—was reported to Surrey Police on June 16, 2023, though the exact breach timeline remains unspecified. While fake exam paper sales typically increase during testing periods, these incidents represented rare confirmed breaches of genuine examination materials.
Cambridgeshire Constabulary confirmed investigating a data breach involving OCR and Pearson Edexcel, describing incidents where exam papers were "extracted from their systems and sold online." Surrey Police separately investigated allegations of fraud and computer misuse at AQA, coordinating with the National Crime Agency's cybercrime unit and government authorities. No arrests had been made as of late June. The Joint Council for Qualifications, representing all affected boards, acknowledged "a small number of contained incidents of alleged fraud" reported to police. Potential consequences for students included result disqualification, temporary bans on exam retakes, and jeopardized university admissions. The incidents occurred amid broader international concerns about academic cybersecurity, following late-May cyberattacks that disrupted national high school exams in Greece.