Jason Lewis reports:
Sensitive Information about hundreds of children, including details of their behavioural problems, has been leaked on the internet after an alleged cyber attack on a company advising parents about applying for top independent schools.
The security breach led to the publication of 1,367 private records, including the names and addresses of pupils and parents and confidential notes about their children’s personality and school achievements and, in some cases, illnesses and learning difficulties.
According to The Telegraph, Prospect Services shut down the Independent Schools Guide web site after the paper alerted them to the exposure and asked the police to investigate. Distressingly to parents, sensitive information about students could be found by a Google search and there’s no report at this time as to for how long the data were exposed and whether or how many others downloaded or accessed the data.
As of the time of this posting, the web site is back up, but there is no statement about the breach that I can find.
It will be interesting to see what, if anything, the Information Commissioner’s Office does in response to this incident. Will it just accept the firm’s claim that it was the victim of a cyberattack, or it will require some forensic proof? And how much would such proof – assuming that claims of an attack are true – mitigate any consequences for the firm? Certainly, having information about there about named children, including their diagnoses and special education needs, can be harmful to the children’s future.