Over 3 UK schools got hit with a cyberattack within a 5 month time frame, and ended up with a ransom for critical and sensitive student data. The Dorchester school Thomas Hardye School received a cyberattack on the 21st of May 2025, after a high-level user clicked on a phishing link attached to an email. This injected their computer with malware that spread across the network, and eventually spread to the main server that serves payment information and emails to the entirety of the school. This sensitive information was then in the hands of the malicious actors, and they demanded a ransom of which Thomas Hardye School refused to pay.
In the later end of May, Hardenhuish School in Chippenham was the receiver of a ransom for their IT services, leaving over 1500 students at risk of sensitive data being released for money. The malicious actor demanded money to reinstate the network, though the ransom was not paid and control was eventually returned to specialists.
In early January, Pates Grammar School in Gloucestershire received a ransom from a hacking group known as Vice Society.
The group targets vulnerable organizations to gain access into IT systems and hold data ransom by scanning the server with generic terms like “name”, “passport” and “ID”. Vice Society specifically has attacked a number of UK Schools over the last 6 years, and potentially more that has not made it to mainstream news outlets. This particular group, has an alert out from FBI in the United States. Alarmingly, Vice Society managed to obtain scans of student passports alongside other data belonging to the students.
About the author: This post was written by Ashe Brewer, a student on the CyberSafeSchools Academy virtual work experience programme. The Academy provides secondary school and college students with structured, hands-on experience in cybersecurity and digital marketing. Find out more about the Academy →