Cyber Incident Victim: Test Valley School
Date: Sep 2022
Location: United Kingdom
Summary
Test Valley School was among multiple educational institutions compromised in a cyberattack by the Vice Society hacking group, resulting in the theft and subsequent dark web leak of highly sensitive data including children's passport scans, special educational needs records, staff contracts, and financial documents. The incident disrupted IT systems and communications, forcing temporary reliance on alternative platforms while forensic investigations and system restoration efforts progressed. Authorities including law enforcement and data protection regulators were engaged, with the attackers exploiting systemic vulnerabilities in under-resourced educational sector cybersecurity to exfiltrate data for extortion purposes before publication.
Description
The cyber incident involving Test Valley School occurred as part of a broader campaign by the hacking group Vice Society targeting educational institutions in the UK and USA during 2022. On or around September 28, 2022, unauthorized actors compromised the school's systems, mirroring attacks on at least 13 other schools including Pates Grammar School and the School of Oriental and African Studies (SOAS). The attackers exfiltrated sensitive data including confidential student records, staff contracts, financial documents, and personally identifiable information such as passport scans. This data theft followed Vice Society's established pattern of stealing hundreds of gigabytes of information using generic search terms to locate valuable files, then demanding ransom payments under threat of public leakage. When Test Valley School and other victims did not meet these demands, the hackers published the stolen documents on dark web portals inaccessible through conventional browsers.

The breach resulted in significant operational disruption, forcing Test Valley School to take IT systems offline and establish temporary communication channels via Gmail accounts. Forensic investigations revealed that attackers had accessed internal storage systems, though the full scope wasn't immediately apparent. Like SOAS, which confirmed 18,680 files were leaked, Test Valley's data appeared on Vice Society's dark web site alongside materials from other institutions. The leaked information included sensitive special educational needs (SEN) student support records, staff salary details, contractual agreements, and family travel documents dating back over a decade. School administrators notified the UK Information Commissioner's Office and local law enforcement, while engaging cybersecurity specialists to restore systems and conduct forensic analysis. Affected individuals received direct notifications about the breach, with the school providing ongoing support as required. The incident highlighted systemic vulnerabilities in educational sector cybersecurity, with institutions balancing limited IT resources against increasingly sophisticated attacks targeting sensitive personal and operational data.
