Police investigators have been called in to look into an alleged hack that resulted in a sensitive data leak relating to over 1,000 school children being leaked online.
Details from the Independent Schools Guide, published by education advice organisation Gabbitas, were placed on the Internet last week and were removed once the organisation became aware of the data leak.
Outsourcing firm Prospects, the parent company of Gabbitas, said a specialist cyber crime unit was brought in to investigate today after the matter was reported to police last week.
“Gabbitas is deeply concerned that one of its websites had been accessed illegally,” the company said in a statement emailed to TechWeekEurope. “We are taking these matters extremely seriously. Measures have been taken to ensure the security of all other sites from such attack.
“The chairman of Gabbitas has apologised unreservedly to any individuals who may have been affected by this unauthorised access.
“We believe that all our client data is secure and further actions have been taken in the last 48 hours to reinforce this.”
The leak came to light following a report in the Sunday Telegraph, which confirmed the Information Commissioner’s Office (ICO) was looking into the matter. If the ICO finds Gabbitas committed serious mistakes, the organisation could be fined up to £500,000.
The leaked database contained information on clients who were hoping to get their children into independent schools, including family details of a leading TV actor, a pop star and the son of an ex-Cabinet minister.
Parents’ comments on their own children were left open for the public to see too, including information about conditions such as autism, Asperger’s syndrome and dyslexia.
“We will be making inquiries into the circumstances of any potential breach of the Data Protection Act before deciding what action, if any, needs to be taken,” the ICO said.
The ICO has traditionally taken a hard line on organisations that have let information on children leak. In June, Telford and Wrekin Council was hit with a £90,000 fine for two separate breaches where information on children was sent to the wrong recipients.
Are you a security pro? Try our quiz!
Tesla makes key advances toward advanced self-driving rollout in China as chief Elon Musk meets…
New UK rules bring in basic security requirements for millions of internet-connected devices, aiming to…
Google parent Alphabet sees market capitalisation surge over $2tn on plan to over first-ever cash…
Google asks Virginia federal court to dismiss case brought by US Justice Department and eight…
Snapchat parent Snap reports user growth, revenues in spite of tough competition, in what may…
Quick-growing fast-fashion company Shein must comply with most stringent level of EU digital rules after…
View Comments
'In June, Telford and Wrekin Council was hit with a £90,000 fine' - What's the point? The people paying the fine are the victims - the rate payers.
When breaches occur the fines need to be paid by the those responsible for the failure in security. This should apply to all corporate fines and penalties.