A school examining board has recently fallen victim to a mass data breach, compromising approximately 64,000 current and former examiners’ personal information.
AQA’s online systems were reportedly hacked on the 21st March 2017. These online systems stored examiners’ name, addresses, personal phone numbers, and passwords. The examining board were quick to stress that the attacked systems didn’t store any financial details or any personal data of the schools, pupils or exam material.
The Information Commissioner’s Office (ICO) – who are responsible for investigating data breaches – have been informed of this breach and are currently investigating it. The investigation will look into whether the board followed regulations provided for under the Data Protection Act (DPA). Although it’s too early to say what action the ICO may take, if AQA are found to have breached the DPA, it could result in action ranging from a warning letter to a monetary penalty of up to £500,000.
The breach has also been reported to Ofqual as the exams watchdog.
Confirmation that personal data has been accessed
It transpires that AQA were alerted to the cyber-attack in March, in which they immediately proceeded to take the affected systems offline. On first glance, AQA’s spokesperson said that no data was stolen; but a couple of weeks later they confirmed on the 6th April that some data had actually been accessed. It showed up as part of a “thorough forensic analysis” run by the examining board.
Apologies from AQA
When AQA were aware of this, the board’s chief information officer, David Shaw, said:
“…we’re really disappointed that this has happened despite our huge efforts to keep our systems secure, and we’re very sorry that our examiners have been affected. We’ll give them whatever support they need, and we’d like to reassure students and parents that none of this affects this summer’s exams.”
Mr Shaw confirmed that all of the stolen data has now been reset, and AQA confirmed that they’re contacting all affected examiners.
Exact personal information that has been compromised
We’re currently representing a number of clients who have had their personal details compromised. The AQA Examiner Technical Line ( firstname.lastname@example.org ) sent correspondence to our clients to notify them of the breach. From their investigations, AQA noted the exact information that was stolen:
- Title, first name and surname;
- Address and post code;
- Personal and work telephone numbers;
- Email address we use to communicate with you;
- Email address listed on the extranet (which was your extranet username);
- CMI+/QMS/OLS password;
- Examiner pin;
- Memorable word (used for a ‘forgotten password’);
- Centre number.
Our response to the AQA data breach
We are representing people affected by the AQA Education data breach, so please don’t hesitate to get in touch if you need our legal expertise and advice.
You can call us free from a landline or mobile on 0800 634 7575 or fill out your details on our callback form below and we’ll call you back at a time that suits you.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.