A Hampshire secondary school - Bay House School in Gosport – has been censured by the Information Commissioner's Office (ICO) for having exposed the personal information of thousands of people, including pupils, to a hacker who targeted the school’s website back in March.
Revealing that the hacking attack – incidentally carried out by a pupil at the school – exposed not only the names, addresses, photographs and medical information of 7,600 students, but also the personal details of the teachers as well as the students’ parents, the ICO claimed that the Bay House School had violated the Data Protection Act.
Noting that nearly 20,000 people in all were affected by the hack, the ICO said that the investigations into the incident have found that a Bay House School headteacher had apparently used the same password to access both the school's website and its internal data systems.
Later on, this password was used by a pupil to gain entry to other parts of the school's systems, unfolding the potential access to the personal information of individuals.
The ICO also found that even though the school had advised its staff-members to use different passwords, there seemingly were no checks in place to make sure whether this was actually happening.
About the entire incident, the school said: “We were able to act very quickly to identify the hacker and take appropriate action. We have learnt from this incident and would encourage all other schools to take heed of our experience.”
Related News
- ICO slams a Hampshire school over data breach
- Sega Pass’ 1,290,755 registered users lose personal data to hackers
- Kronic Becomes Chronic for School Authorities
- Pa. school district to reveal details of webcam spying investigation
- Need to Increase the Accessibility of School Nurses Stressed Upon
- Posting of Vulgar Photos by High School Teachers Being Investigated by Education Queensland
- Seventh to 12th Grade Students Requires to Take whooping Cough Vaccine
