Sunday, July 14, 2024

UK: Data breach at Greensward Academy

Information such as free school meal status, address, deprivation status, exam dispensation and special educational needs of Year 11 children at Greeensward Academy in Hockley was accidentally leaked by a teacher.

SENSITIVE information about pupils was leaked to parents and students following a data breach Data breach at Greensward Academy High School

The information was made available to Year 11 pupils and their parents via Google Classroom when a mock examinations timetable was shared by the teacher who was unaware the document also contained sensitive information.

“It’s just unacceptable for this to happen,” a parent who wished to remain anonymous said.

“Some kids might not want other kids to know these things about them, as sadly, when it comes to stuff like free school meals, they might be mocked or looked down upon.”

According to a pupil, who also wished to remain anonymous, the document was posted online on January 17 and was removed five days later.

They said: “Kids are going around saying other people are on benefits. Some of my friends are on there and they’re not comfortable that other people know their disabilities or if they are getting free meals.”

On Tuesday, a letter was sent to parents of Year 11 pupils explaining the mistake and detailing actions taken to rectify the leak.

What the Academy had to Say

Education support manager Tom Gibbs-Digby said: “At Greensward Academy, we take the security of personal data extremely seriously and work hard to ensure we work within the GDPR regulations to keep your personal data secure.”

Recommended:  Cybersecurity on a Small Business Budget: Adapting to the Modern Threat Landscape

General Data Protection Regulation (GDPR) came into law in 2018 and means individuals and establishments responsible for using personal data have to follow strict rules to keep it secure.

Mr Gibbs-Digby added: “The information was only visible to Year 11 students and their parents/carers registers with Greensward Academy and was not visible to any other outside parties, companies or organisations.

“The incident was reported immediately and has been logged with our data controller as a data breach. An investigation has taken place and the staff involved have been given training and guidance in an effort to ensure that this does not happen again.”


You may also enjoy reading, The largest DDoS to date, Microsoft mitigates a 3.47 Tbps DDoS attack

Got to Cybersecurity News

Go to Homepage

Go to Cybersecurity Academy

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.

Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates