Categories: SecurityWorkspace

Police To Investigate School Children’s Data Leak

Police investigators have been called in to look into an alleged hack that resulted in a sensitive data leak relating to over 1,000 school children being leaked online.

Details from the Independent Schools Guide, published by education advice organisation Gabbitas, were placed on the Internet last week and were removed once the organisation became aware of the data leak.

Outsourcing firm Prospects, the parent company of Gabbitas, said a specialist cyber crime unit was brought in to investigate today after the matter was reported to police last week.

Illegal access

“Gabbitas is deeply concerned that one of its websites had been accessed illegally,” the company said in a statement emailed to TechWeekEurope. “We are taking these matters extremely seriously. Measures have been taken to ensure the security of all other sites from such attack.

“The chairman of Gabbitas has apologised unreservedly to any individuals who may have been affected by this unauthorised access.

“We believe that all our client data is secure and further actions have been taken in the last 48 hours to reinforce this.”

The leak came to light following a report in the Sunday Telegraph, which confirmed the Information Commissioner’s Office (ICO) was looking into the matter. If the ICO finds Gabbitas committed serious mistakes, the organisation could be fined up to £500,000.

The leaked database contained information on clients who were hoping to get their children into independent schools, including family details of a leading TV actor, a pop star and the son of an ex-Cabinet minister.

Parents’ comments on their own children were left open for the public to see too, including information about conditions such as autism, Asperger’s syndrome and dyslexia.

“We will be making inquiries into the circumstances of any potential breach of the Data Protection Act before deciding what action, if any, needs to be taken,” the ICO said.

The ICO has traditionally taken a hard line on organisations that have let information on children leak. In June, Telford and Wrekin Council was hit with a £90,000 fine for two separate breaches where information on children was sent to the wrong recipients.

Are you a security pro? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

View Comments

  • 'In June, Telford and Wrekin Council was hit with a £90,000 fine' - What's the point? The people paying the fine are the victims - the rate payers.

    When breaches occur the fines need to be paid by the those responsible for the failure in security. This should apply to all corporate fines and penalties.

Recent Posts

SoftBank Promises To Invest $100bn In US

Japanese tech investment firm SoftBank promises to invest $100bn during Trump's second term to create…

10 hours ago

Synopsys, SiMa.ai To Collaborate On AI Car Chips

Synopsys to work with start-up SiMa.ai on joint offering to help accelerate development of AI…

10 hours ago

AI Start-Up Basis Raises $34m For Accountancy Agent

Start-up Basis raises $34m in Series A funding round for AI-powered accountancy agent to make…

11 hours ago

Databricks Raises $10bn In Huge AI Funding Round

Data analytics and AI start-up Databricks completes huge $10bn round from major venture capitalists as…

11 hours ago

Congo Files Complaints Against Apple Over Conflict Minerals

Congo files legal complaints against Apple in France, Belgium alleging company 'complicit' in laundering conflict…

12 hours ago