Police investigators have been called in to look into an alleged hack that resulted in a sensitive data leak relating to over 1,000 school children being leaked online.
Details from the Independent Schools Guide, published by education advice organisation Gabbitas, were placed on the Internet last week and were removed once the organisation became aware of the data leak.
Outsourcing firm Prospects, the parent company of Gabbitas, said a specialist cyber crime unit was brought in to investigate today after the matter was reported to police last week.
“Gabbitas is deeply concerned that one of its websites had been accessed illegally,” the company said in a statement emailed to TechWeekEurope. “We are taking these matters extremely seriously. Measures have been taken to ensure the security of all other sites from such attack.
“The chairman of Gabbitas has apologised unreservedly to any individuals who may have been affected by this unauthorised access.
“We believe that all our client data is secure and further actions have been taken in the last 48 hours to reinforce this.”
The leak came to light following a report in the Sunday Telegraph, which confirmed the Information Commissioner’s Office (ICO) was looking into the matter. If the ICO finds Gabbitas committed serious mistakes, the organisation could be fined up to £500,000.
The leaked database contained information on clients who were hoping to get their children into independent schools, including family details of a leading TV actor, a pop star and the son of an ex-Cabinet minister.
Parents’ comments on their own children were left open for the public to see too, including information about conditions such as autism, Asperger’s syndrome and dyslexia.
“We will be making inquiries into the circumstances of any potential breach of the Data Protection Act before deciding what action, if any, needs to be taken,” the ICO said.
The ICO has traditionally taken a hard line on organisations that have let information on children leak. In June, Telford and Wrekin Council was hit with a £90,000 fine for two separate breaches where information on children was sent to the wrong recipients.
Are you a security pro? Try our quiz!
Setback for Nvidia after Supreme Court rules class-action lawsuit against AI chip giant for misleading…
Notice filed in federal court to challenge Canadian government order to shutdown TikTok's Canada's operations
Users of the iPhone 15 and later in the UK can now experience Apple Intelligence,…
Biden administration awards $6.1 billion subsidy from US Chips Act for Micron's Idaho and and…
Bill (if passed) could see California become the first US state to require mental health…
General Motors kills Cruise robotaxi ambitions, after halting funding for the loss-making autonomous vehicle unit
View Comments
'In June, Telford and Wrekin Council was hit with a £90,000 fine' - What's the point? The people paying the fine are the victims - the rate payers.
When breaches occur the fines need to be paid by the those responsible for the failure in security. This should apply to all corporate fines and penalties.