Categories: SecurityWorkspace

Police To Investigate School Children’s Data Leak

Police investigators have been called in to look into an alleged hack that resulted in a sensitive data leak relating to over 1,000 school children being leaked online.

Details from the Independent Schools Guide, published by education advice organisation Gabbitas, were placed on the Internet last week and were removed once the organisation became aware of the data leak.

Outsourcing firm Prospects, the parent company of Gabbitas, said a specialist cyber crime unit was brought in to investigate today after the matter was reported to police last week.

Illegal access

“Gabbitas is deeply concerned that one of its websites had been accessed illegally,” the company said in a statement emailed to TechWeekEurope. “We are taking these matters extremely seriously. Measures have been taken to ensure the security of all other sites from such attack.

“The chairman of Gabbitas has apologised unreservedly to any individuals who may have been affected by this unauthorised access.

“We believe that all our client data is secure and further actions have been taken in the last 48 hours to reinforce this.”

The leak came to light following a report in the Sunday Telegraph, which confirmed the Information Commissioner’s Office (ICO) was looking into the matter. If the ICO finds Gabbitas committed serious mistakes, the organisation could be fined up to £500,000.

The leaked database contained information on clients who were hoping to get their children into independent schools, including family details of a leading TV actor, a pop star and the son of an ex-Cabinet minister.

Parents’ comments on their own children were left open for the public to see too, including information about conditions such as autism, Asperger’s syndrome and dyslexia.

“We will be making inquiries into the circumstances of any potential breach of the Data Protection Act before deciding what action, if any, needs to be taken,” the ICO said.

The ICO has traditionally taken a hard line on organisations that have let information on children leak. In June, Telford and Wrekin Council was hit with a £90,000 fine for two separate breaches where information on children was sent to the wrong recipients.

Are you a security pro? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

View Comments

  • 'In June, Telford and Wrekin Council was hit with a £90,000 fine' - What's the point? The people paying the fine are the victims - the rate payers.

    When breaches occur the fines need to be paid by the those responsible for the failure in security. This should apply to all corporate fines and penalties.

Recent Posts

Supreme Court Permits Nvidia Investor Lawsuit To Proceed

Setback for Nvidia after Supreme Court rules class-action lawsuit against AI chip giant for misleading…

13 hours ago

TikTok Files Challenge Against Canadian Shutdown Order

Notice filed in federal court to challenge Canadian government order to shutdown TikTok's Canada's operations

16 hours ago

Apple Intelligence Launches In UK, Siri Integrated With ChatGPT

Users of the iPhone 15 and later in the UK can now experience Apple Intelligence,…

17 hours ago

US Awards Micron $6.1 Billion From US Chips Act

Biden administration awards $6.1 billion subsidy from US Chips Act for Micron's Idaho and and…

18 hours ago

California Mulls Health Warnings For Social Media Sites

Bill (if passed) could see California become the first US state to require mental health…

21 hours ago

GM Kills Cruise Robotaxi Business, After Funding Is Pulled

General Motors kills Cruise robotaxi ambitions, after halting funding for the loss-making autonomous vehicle unit

23 hours ago