The AQA Education Data Breach
"One of the UK’s leading examination boards - AQA Education - has suffered a massive data breach."
Up to 65,000 examiners' data, stored on AQA's examiner application system and examiner extranet, has been subject to cyber-attacks from hackers.
This is yet another massive data hack that has already caused serious distress for people involved. Our Data Leak Lawyers are now investigating claims.
It has been revealed by AQA that a wealth of sensitive data was potentially leaked to attackers:
- First names and surnames
- Telephone numbers (personal and work)
- Email addresses
- Passwords to systems used to mark examinations;
- Examiner pins
- "Memorable word" used to reset a forgotten password
- Centre numbers
Although AQA say they are "very sorry that this happened", hackers have still gained access to a massive amount of personal and sensitive information. Not only does that put the victims' information at risk, but there are concerns for students and pupils as well. Although the AQA has ensured schools that no exam results will be affected, it seems too early say in our view.
The full effects of many data breaches never fully materialise until, sometimes, years after the breach.
Home Working Systems Hacked
Thousands of AQA examiners work from home marking examinations using a range of online tools, such as the online marking system; the online mark collection system; and the online standardisation system.
All three of these systems were reportedly breached.
AQA was notified of the breach on the 21st March 2017 and immediately shut down the systems. It wasn't until the 6th April 2017 that the exam board uncovered the extent of the breach and that the information exposed was so widespread.
It Could Have Been Worse...
The exam board highlights that they had security measures in place, and that if these measures had not been implemented, the attack could have been much worse.
But it still begs the question as to how the systems were hacked in the first place. Clearly, with people working remotely, the systems that need to be in place to properly secure the information have to be excellent. There are so many ways information can be intercepted when people are working and accessing databases over the internet, and this should always be at the forefront of any organisation's mind.
Victims Notified And ICO Informed
They have notified the affected people and highlighted that they may be subject to phishing emails and that their information may have been shared with third parties. This is simply unacceptable from an organisation that is supposed to have heightened security given the level of sensitivity of examinations, and the remote working procedures.
AQA have reported the incident to the Information Commissioner's Office (ICO) and the Office of Qualifications and Examinations Regulation (Ofqual) who are both investigating the attack. The ICO highlighted that they're investigating a potential Data Protection Act (DPA) breach from AQA, and if they are found to have breached the DPA, they may face fines.
However, this does not deal with the fact that 65,000 peoples' personal and work information has been hacked.
In this increasingly digital world, it seems to be getting easier for criminals to gain access to highly sensitive information from organisations and everyone should have quality security measures in place to prevent attackers gaining access to their systems.
We need to take a stand against organisations that are failing in their responsibility to keep private information safe. Ignorance is never an excuse - we're sure AQA are fully aware of their responsibilities to protect data and personal information, and the repercussions for any failings should come as no surprise.
The Long Wait Begins...
The problem with data breaches is that the effects can last for a long time. The data hacked from AQA could spring up in the future on the "dark web" and cyber criminals may already be trying their luck with passwords gleaned from the information accessed.
Rectifying the problem by changing passwords is simply not enough. As an employee of AQA, you put your trust in them to keep your information safe, but they have failed to guard that information. We're investigating claims for victims who have already approached us for help, and if you have been affected by the hack, we may be able to help you too.
Here To Help
Our specialist Data Leak Lawyers deal with data breach, data leak, and data and hack cases on a daily basis. We fully understand the distress that having your sensitive information breached and leaked to the world can cause. We know that we cannot turn back time and stop what has happened, or what may happen in the future, but you may be entitled to compensation as a victim of what's happened.
We specialise in fighting for compensation for when your information is breached. The DPA is in place for a reason, and when it's broken, you are entitled to reparations.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us. All fields marked with a * are required.
Latest Blogs from The Data Leak Lawyers
"On a scale of 1 to 10 in terms of risks to consumers, this is a 10" - says fraud analyst, Avivah Litan on the Equifax data h...Nov 17, 2017
Equifax have faced heavy criticism for a series of failings around the data breach that exposed over 145 million people's per...Nov 16, 2017
A 'nosy' midwife has been sacked by the University Hospitals of Coventry and Warwickshire NHS Trust after she was discovered ...Nov 15, 2017
Confidential and secretive information for Heathrow Airport was reportedly found on a USB device some 13 miles from the site ...Nov 14, 2017
Australian appliance-rental company, Amazing Rentals, are in trouble with Australian authorities yet again for behaviour that...Nov 13, 2017
Security experts warn that all Wi-Fi networks are vulnerable to hacking after a Belgian researcher managed to break through a...Nov 10, 2017
Head of policy and engagement at the Information Commissioner's Office, Jo Pedder, points to useful guidance on the new EU Ge...Nov 09, 2017