Cyber Incident Victim: Gateway College
Date: Sep 2022
Location: United Kingdom
Summary
A cyberattack attributed to the Vice Society hacking group compromised Gateway College and multiple other educational institutions, resulting in unauthorized access to sensitive data including student passport scans, special educational needs records, staff contracts, and financial documents. The attackers exfiltrated and later leaked the stolen information on the dark web after ransom demands were unmet, causing operational disruptions to IT systems and communication channels. Forensic investigations were initiated alongside law enforcement, with the institution restoring critical systems while acknowledging the exposure of confidential data affecting students and staff. The incident highlighted broader targeting of under-resourced educational entities by financially motivated threat actors exploiting systemic cybersecurity vulnerabilities.
Description
In September 2022, Gateway College in Hamilton, Leicester, was among 14 UK schools targeted by the Vice Society hacking group, which exfiltrated and leaked highly sensitive documents. The attackers compromised school systems, stealing confidential data including children’s special educational needs (SEN) information, scanned passports of pupils and parents, staff pay scales, contractual details, and student bursary fund records. The breach mirrored Vice Society’s broader pattern of attacks on educational institutions in the UK and US, including a high-profile theft of 500 gigabytes of data from the Los Angeles Unified School District. At Gateway College and other affected schools, hackers used generic search terms to identify and extract folders labeled “passports,” “contract,” and “confidential,” some containing documents dating back to 2011. The group typically demanded ransom payments before leaking stolen data on the dark web, an unindexed portion of the internet requiring specialized software to access. While the exact date of Gateway’s breach was not specified, Pates Grammar School—another victim—experienced system compromises around September 28, 2022, suggesting a coordinated campaign.

The incident disrupted Gateway College’s operations, necessitating temporary communication workarounds such as Gmail accounts for parent contact after IT systems and phone lines were disabled. Like Pates Grammar School, Gateway likely faced delays in confirming data theft, as initial statements from similarly affected institutions indicated no evidence of data exfiltration before dark web leaks emerged. Stolen documents were published on Vice Society’s dark web site, exposing sensitive personal and financial information of students, parents, and staff. Gateway College and other victims collaborated with cybersecurity specialists to conduct forensic analyses, restore systems, and notify regulatory authorities including the UK Information Commissioner’s Office (ICO) and local police. The School of Oriental and African Studies—also named in the leak—reported a September 2022 breach involving 18,680 files, confirming staff contracts and budget details were compromised. While Gateway’s specific remediation steps were not detailed, affected schools universally emphasized efforts to minimize educational disruptions and provide support to impacted individuals, with some successfully restoring critical systems weeks after the initial attack.
