Police investigators have been called in to look into an alleged hack that resulted in a sensitive data leak relating to over 1,000 school children being leaked online.
Details from the Independent Schools Guide, published by education advice organisation Gabbitas, were placed on the Internet last week and were removed once the organisation became aware of the data leak.
Outsourcing firm Prospects, the parent company of Gabbitas, said a specialist cyber crime unit was brought in to investigate today after the matter was reported to police last week.
“Gabbitas is deeply concerned that one of its websites had been accessed illegally,” the company said in a statement emailed to TechWeekEurope. “We are taking these matters extremely seriously. Measures have been taken to ensure the security of all other sites from such attack.
“The chairman of Gabbitas has apologised unreservedly to any individuals who may have been affected by this unauthorised access.
“We believe that all our client data is secure and further actions have been taken in the last 48 hours to reinforce this.”
The leak came to light following a report in the Sunday Telegraph, which confirmed the Information Commissioner’s Office (ICO) was looking into the matter. If the ICO finds Gabbitas committed serious mistakes, the organisation could be fined up to £500,000.
The leaked database contained information on clients who were hoping to get their children into independent schools, including family details of a leading TV actor, a pop star and the son of an ex-Cabinet minister.
Parents’ comments on their own children were left open for the public to see too, including information about conditions such as autism, Asperger’s syndrome and dyslexia.
“We will be making inquiries into the circumstances of any potential breach of the Data Protection Act before deciding what action, if any, needs to be taken,” the ICO said.
The ICO has traditionally taken a hard line on organisations that have let information on children leak. In June, Telford and Wrekin Council was hit with a £90,000 fine for two separate breaches where information on children was sent to the wrong recipients.
Are you a security pro? Try our quiz!
Troubled battery maker Northvolt reportedly considers Chapter 11 bankruptcy protection in the United States as…
Microsoft's cloud business practices are reportedly facing a potential anti-competitive investigation by the FTC
Ilya Lichtenstein sentenced to five years in prison for hacking into a virtual currency exchange…
Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…
Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…
Elon Musk continues to provoke the ire of various leaders around the world with his…
View Comments
'In June, Telford and Wrekin Council was hit with a £90,000 fine' - What's the point? The people paying the fine are the victims - the rate payers.
When breaches occur the fines need to be paid by the those responsible for the failure in security. This should apply to all corporate fines and penalties.