Cyber Incident Victim: Frances King School of English
Date:
Sep 2021
Location:
United Kingdom
Summary
Frances King School of English was among 14 educational institutions compromised by the Vice Society hacking group, which exfiltrated and leaked sensitive data including children's special educational needs (SEN) records, passport scans, staff contracts, and payroll details. The attackers demanded ransom before publishing stolen documents on the dark web, causing operational disruptions such as IT system outages that forced temporary reliance on alternative communication channels. The school engaged cybersecurity specialists and law enforcement to investigate the breach, restore systems, and assess the extent of data exposure while notifying affected individuals and regulatory authorities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
The Frances King School of English was among 14 UK educational institutions compromised in a cyberattack attributed to the hacking group Vice Society, with data stolen in 2021 and 2022 leaked on the dark web. The breach was publicly confirmed in November 2022 when the BBC identified confidential documents from these schools on Vice Society's dark web site. Attackers exfiltrated sensitive information including children's special educational needs (SEN) records, passport scans of students and parents dating back to 2011, staff salary details, contractual agreements, and student bursary recipient lists. At Pates Grammar School—which shared an identical attack timeline with Frances King—the intrusion occurred on or around September 28, 2021, when unauthorized third parties disrupted IT systems and phone lines, forcing the school to establish temporary Gmail accounts for parent communications.
Vice Society employed broad search terms to harvest data, creating folders labeled "passports," "contract," and "confidential" containing highly sensitive materials. The group typically demanded ransom payments before leaking stolen data, as evidenced by their high-profile attack on Los Angeles Unified School District that same year. By October 7, 2021, Pates Grammar confirmed unauthorized system access but initially reported no evidence of data theft. Five days later, the school acknowledged data had been published on Vice Society's dark web site, which requires specialized software to access. Frances King School of English and other affected institutions faced similar exposure risks, though their specific response measures weren't detailed. Pates Grammar engaged cybersecurity specialists and forensic investigators to restore systems, notify the Information Commissioner's Office (ICO) and Gloucestershire Police, and maintain operational continuity despite compromised Microsoft Teams teaching resources. The ICO and law enforcement agencies confirmed ongoing investigations into the breaches through 2022.