Hackers have released highly secret papers from 14 schools online, according to the BBC.
Pates Grammar School in Gloucestershire was one of those targeted by the hacker organization Vice Society.
The stolen data, reviewed by the BBC, include children's SEN information, passport scans, employee pay scales, and contract details.
Pates Grammar School, according to a spokeswoman, takes the security of its systems and data very seriously.
In recent months, the Vice Society has been behind a high-profile wave of school assaults in the UK and the US.
According to the technology website Wired, it reportedly took 500 terabytes of data from the entire Los Angeles Unified School District.
The FBI in America has previously issued a warning about the group's actions.
When data is stolen, Vice Society makes monetary demands before exposing the records if they are not paid.
The records seized from Pates Grammar School were extensive, with hackers employing general search phrases to get them.
One folder labeled "passports" has passport scans for students and parents on school excursions dating back to 2011, while another labeled "contract" contains contractual offers made to employees as well as instructional materials on muscular contractions.
Another folder labeled "confidential" includes information on the headmaster's salary and student bursary winners.
Along with Pates' material, the BBC discovered private papers purportedly from the following establishments on Vice Society's website.
Every school on this list has been contacted to provide feedback.
Durham Johnston Comprehensive School, Carmel College, St Helens
Hamilton, Leicester Frances King School of English/Dublin Gateway College
Heywood Lampton School, Holy Family RC + CE College, Hounslow, London
Lampton School released the following statement: "Teachers were aware of the incident, but we did not notify them of the stolen data. The ICO never instructed us to inform the data subjects. We disabled remote access for all but a limited number of employees using two-factor authentication, and we changed all of our passwords."
London's Mossbourne Federation
The Mossbourne Federation stated: "Parents, students, staff, and everyone else involved were quickly alerted and kept up to speed on the recovery process. We have totally recovered from the cyber-attack and are back to business as usual."
Barnstaple's Pilton Community College
London's Samuel Ryder Academy, St Albans School of Oriental and African Studies
Test Valley School, Stockbridge St Paul's Catholic College, Sunbury-on-Thames
Evesham's De Montfort School
The De Montfort School did not respond to requests for comment.
The School of Oriental and African Studies reported that it was hacked in September 2022, with personnel contracts and budget data among the 18,680 other files compromised.
"We told employees and students about the situation, and although we were able to prevent it from growing further, it resulted in a minor, restricted data breach of files on internal storage.
"The people impacted have been informed, and we will continue to provide assistance as needed," a representative said.
The information was exposed by hackers on the dark web, an area of the internet often utilized by criminals.
The dark web is not indexed by standard search engines and must be accessed via specialized surfing software.
Pates' hacking history
The Pates breach is thought to have occurred on September 28, when the school contacted parents to inform them that its IT systems and phone lines were down. A few days later, the school emailed again, this time providing Gmail accounts for parents to contact.
The headteacher wrote again on October 7 to report that its systems had been "accessed by an illegal third party." The school stated it had contacted the Information Commissioners Office (ICO) and police about the impacted teaching materials, which depended on Microsoft Teams.
"There is presently no proof that data has been taken or released," the headmaster stated at the time.
The school contacted the parents again five days later.
The principal wrote: "Regrettably, it seems that part of our data was acquired by the criminal organization and posted on its dark website, which is difficult to access and only available to a small audience with the technical expertise and capacity to access this specific site.
"If we discover that any substantial data has been impacted in this manner, we will notify you and give information and help."
Grey line for presentation
The ICO and Gloucestershire Police both stated that they were looking into the suspected violations in 2022.
Pates Grammar School's representative stated: "We are presently collaborating with cyber-security experts to perform an in-depth evaluation and analysis of this material.
"We're collaborating with highly skilled forensic investigators to safeguard our systems and rectify the problem.
"We have successfully restored important systems, minimized inconvenience to employees and students, and will continue to keep the appropriate authorities updated on any new developments."
0 Comments