Pupils and parents at Leytonstone School were worried that their personal information may have exposed following a ‘devastating’ data hack at Leytonstone School.
The Leytonstone School breach happened after cybercriminals broke into the school’s IT systems. The secondary school was forced to close following the attack. Around 800 pupils at the school – which is located in Waltham Forest, North East London – had to take classes remotely until the school was able to reopen.
According to media reports, the attack led to a significant amount of personal data being accessed. The school reported the data security incident to the National Cyber Security Centre and the Information Commissioner’s Office (ICO).
Victims of data breaches often become the target of cybercriminals and similar privacy violations have resulted in fraud, blackmail, and identity theft. As such, we advised that anyone affected by this attack was at high risk of being targeted by cybercriminals and should take immediate steps to protect themselves.
In a letter to parents, head teacher, Jessica McQuaid said: “I am incredibly sorry for the short notice but it is illegal for schools to open without this document in place. I am devastated that this IT incident has taken place and impacted the start of the half term for pupils.”
This document referred to is the school’s ‘single central record’, which contains information and vetting checks of all staff. The inability to access vital information suggested that the school might have fallen victim to a ransomware attack.
Leytonstone School advised parents to change their passwords for all school-related sites, such as ParentPay and Google Classroom.
Schools are responsible for handling a wealth of sensitive data, including information about our children. But unfortunately, many are falling short when it comes to data protection.
Data breaches in schools are on the rise, and according to the Information Commisioner’s Office (ICO), in 2021, the education sector was the second worst offender in the UK and was responsible for at least 172 data breaches.
With limited budgets and competing priorities, it’s not surprising that data protection is often overlooked in schools. But this has made the sector a prime target for hackers who are eager to get their hands on valuable personal information.
It’s imperative that schools take data protection seriously, invest in staff training, and ensure that proper safeguards are in place to keep our personal information safe. Because in our experience, these types of data breaches rarely happen when robust safety measures are in place.
The school in Waltham Forest was closed after it was targeted in a ‘critical incident’. A significant amount of personal data was reportedly accessed in the attack.
If you are affected by the data breach, the school should contact you to let you know.
Anyone who thinks they might be involved should take immediate steps to protect themselves.
KP Law has some of the most skilled data breach lawyers in England and Wales. Here are just some of our success stories.
KP Law is a founding member of the Collective Redress Lawyers Association (CORLA). CORLA aims to improve access to justice for claimants by way of collective redress.