Category: Education Sector Data Breaches
The education sector is being increasingly targeted by cyberattacks, with the National Cyber Security Centre (NCSC) issuing a warning regarding the rising incidence of criminal attacks in late March. Primary schools, secondary schools and higher educational institutions all hold a wide variety of private information, some of which can be highly sensitive in nature. Ensuring good cybersecurity in the education sector is, therefore, of paramount importance to ensure the privacy and safety of both staff and students.
While some cyberattacks can be difficult to prevent, it can sometimes be the case that organisations have failed to ensure that their systems are secure enough, allowing hackers a point of easy access. When this occurs, the organisation in question may have breached data protection law.
It is essential that schools and universities do their bit to protect the information that they store and process, or they risk exposing staff and students to data misuse. Anyone who has been put in this vulnerable situation may be eligible to claim compensation for the harm caused, so do not hesitate to contact us if you think that you may have a claim to make.
The news of a Pembroke College data leak has recently been reported after it emerged that private details relating to the college’s alumni were made vulnerable to unauthorised access. Users with access to the college’s single sign-on system were reportedly able to access extensive personal information on the former Oxford University students who were hosted at Pembroke College, according to Cherwell.
All organisations that process and store personal data have a legal duty to protect it in accordance with the GDPR. Where they fail to do so, they can be held liable for a data protection breach. In some cases, the affected victims can also be eligible to make compensation claims for the harm caused.
Although it appears that the alumni information was not exposed outside the organisation, the incident at Pembroke College nevertheless demonstrates the problems with failing to manage data access appropriately.