Mossbourne Federation

Mossbourne Federation, also known as Mossbourne Academy, is an educational organization based in the United Kingdom. It operates schools that provide instruction to students, including those with special educational needs, as indicated by the presence of sensitive special educational needs records among the data compromised in a 2022 cyberattack. The federation manages administrative functions for its institutions, including staff employment and payroll, evidenced by the theft of staff payroll details and contracts. It handles personal identification information such as passport scans for students and staff, reflecting standard operational requirements for educational institutions. The organization's IT systems support these educational and administrative activities, though specific technological infrastructure details are not publicly documented. Its operations place it within the UK's primary and secondary education sector, serving local communities through its academies.

In 2022, Mossbourne Federation experienced two significant cybersecurity incidents attributed to the ransomware group Vice Society. On September 28, 2022, a cyberattack resulted in the theft and dark web leak of highly sensitive data, disrupting the federation's IT systems and communications and necessitating temporary workarounds like alternative email channels. The breach exposed children's special educational needs records, passport scans, staff payroll details, contracts, and internal administrative documents. An earlier incident on July 1, 2022, involved Vice Society leaking sensitive student data on the dark web after the federation, among other UK educational institutions, refused ransom demands. Following these attacks, Mossbourne Federation engaged cybersecurity specialists and forensic investigators to restore systems, assess data exposure, and notify affected individuals, while coordinating with law enforcement and regulatory authorities. These events highlighted the vulnerability of educational organizations with limited cybersecurity resources to targeted ransomware operations.