Exclusive: More than 700 school data breaches in a year

Schools risk ‘extensive reputational damage’ if personal data of parents or pupils is compromised, accountants warn 
21st November 2018, 5:02am

Share

Exclusive: More than 700 school data breaches in a year

https://www.tes.com/magazine/archive/exclusive-more-700-school-data-breaches-year
Thumbnail

The number of data breaches reported by schools increased by almost a quarter in just two years, new research shows.

Schools in the UK reported 703 data breaches to the Information Commissioner’s Office (ICO) in 2016-17, compared with 571 in 2014-15.

A freedom of information request by accountancy network UHY Hacker Young showed that 674 were reported in 2015-16.

The news comes after a school business managers’ leader last year warned that funding pressures on schools were making them more vulnerable to cyber-attacks.

And earlier this year, the Charity Commission warned private schools that fraudsters were trying to intercept fee payments from parents using emails.  

Allan Hickie, partner at UHY Hacker Young, warned that cyber-attacks can cause schools “extensive reputational damage, especially if the personal data of children and parents is compromised”.

He added: “As almost all data is now stored electronically, safeguards must be put in place to ensure that schools’ sensitive data is kept secure.

Guarding against cyber attacks

“Parents must be reassured that the information held on their children, and their own financial data, is kept safe.

“Many private and independent schools are attractive to fraudsters, as school fees that they are attempting to redirect are often of high value. It is vital that schools have strong data security in place.”

His organisation warned that schools are now at a serious risk of large fines from the ICO if they fail to report data breaches, following the introduction of GDPR in May 2018.

The regulations make it compulsory for all organisations to report any data breach where there is a risk to people’s data security, including incidents where no information is actually lost or stolen.

However, UHY said that the ICO is unlikely to levy large fines on smaller schools and academies where data on pupils has not been put at risk.

The Department for Education said that all organisations, including schools and colleges, should have good basic cyber-security measures in place.

It pointed to the government's Cyber Essentials scheme, which aims to protect against common vulnerabilities which are widely reported online.

Want to keep reading for free?

Register with Tes and you can read two free articles every month plus you'll have access to our range of award-winning newsletters.

Keep reading for just £1 per month

You've reached your limit of free articles this month. Subscribe for £1 per month for three months and get:

  • Unlimited access to all Tes magazine content
  • Exclusive subscriber-only stories
  • Award-winning email newsletters
Recent
Most read
Most shared