Rochester School data breach
school distress claim

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Rochester School data breach

The Rochester School data breach was caused as a result of a USB stick containing pupil data being lost. The data stick was also unencrypted.

It’s understood that the data for every single pupil – that’s more than 1,000 pupils – at the Rochester Grammar School was exposed on the unencrypted memory stick that was lost. The data included personal and sensitive information which is enough to cause distress to the victims involved.

Rochester School has since apologised for the data breach and the matter has been reported to the UK’s Information Commissioner’s Office (ICO). The Thinking Schools Academy Trust that runs the school has called the data breach “exceptionally disappointing”.

Rochester School data breach: information exposed

The information exposed in the Rochester School data breach includes:

  • Names;
  • Birth dates;
  • Email addresses;
  • Years;
  • House in school;
  • Special education needs;
  • Grades: targets and attainments.

It’s also understood that the lost USB stick contained information as to whether pupils spoke English as well.

A serious data breach

The Rochester School data breach is serious given the nature of the personal and sensitive information that has been exposed by the school. Any breach of personal information can be serious, and when we’re talking about potentially vulnerable young people, it’s important to recognise how severe this breach is.

The lost USB stick was reportedly found by a member of the public, and the ICO has been informed.

This is not the first case of an unencrypted USB stick being found by the public that contains personal and sensitive information, and it’s astounding that simple measures such as encryption were not taken when handling the data exposed in this breach.

It’s not difficult at all to password-protect and encrypt data for mobile transport. This should always take place before personal and sensitive data is moved around. Further, data should always be recorded and properly monitored when being moved; a problem the police have faced in the past when moving sensitive data between locations.

Anyone who is affected by a data breach where information has been exposed in such a way can be entitled to claim for data breach compensation.


The Rochester School data breach has taken place after the new GDPR came into force. This means that the punishments the ICO can hand out can be massive.

Although the ICO will assess all cases on a case-by-case basis, it will be interesting to see what punishment the ICO decides to hand out given their new powers that the GDPR has afforded them.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon