Software bug put personal data of pupils at 21,000 UK schools at risk

Software bug put personal data of pupils at 21,000 UK schools at risk

Software bug put personal data of pupils at 21,000 UK schools at risk

A bug in an information management system used by 21,000 UK schools almost resulted in a major data security incident after it was discovered that the software incorrectly matched contact details of students with their names.

Thanks to the bug, a student or the student's parents could view e-mail addresses, phone numbers, and physical addresses of other students once they were contacted by their schools using any of these methods of communication.

"The consequence of the corruption is that contact information for the incoming pupil for example, address, telephone number and email address, may have become associated with other pupil’s records, or the new pupil could themselves be linked to the wrong contact details. The problem could have impacted pre-admissions, pupils on roll and the records of school leavers," said Capita, the developer of the information management system in an e-mail to schools.

The firm added that it has developed an upgraded version of the information management system which will take care of the bug and that the breach would not happen again. However, it did not confirm exactly how many students were affected because of the bug.

"We have identified isolated instances where the contact details of new applicants to a school have merged with those of existing pupils. This has only happened on rare occasions where the first name and surname of the pupils’ listed contact are an exact match," said a spokesperson for Capita to The Register.

"We have taken immediate steps to fix the software to prevent this from happening again and have also issued guidance to schools on how to identify and rectify any issues. We apologise to schools and parents for any disruption this may cause."

UK schools under persistent attack

This isn't the first time that privacy of students and staff at UK schools have been put at risk due to software bugs or lack of security measures. In February this year, poor security around CCTV cameras came back to bite four schools in the UK after cyber criminals hacked into their CCTV systems and broadcast feeds on a US website for all to see.

Feeds from the affected schools, which included St Mary’s Catholic Academy and Highfield Leadership Academy in Blackpool, contained live footage of playgrounds, corridors, restrooms, and other areas both inside and outside the school buildings.

Criminals behind the operation also managed to hack into CCTV systems at 'hundreds of public spaces, businesses and private homes' as such systems were not protected by passwords, the Daily Mail noted.

Last year, Action Fraud noted that cyber-criminals, posing as officials from the Department of Education, sent malicious e-mails to headteachers and financial administrators at several UK schools, asking the latter to share staff members' personal email addresses and phone numbers.

The emails sent to headteachers and financial administrators contained .zip attachments that, once opened, encrypted users' files and demanded up to £8,000 to restore access. Action Fraud noted that many similar scams involved cyber criminals posing as the Department for Work and Pensions and telecoms providers to gain access.


Hackers targeting students with phishing emails to steal personal information

Personal data of 90,000 Univ of Surrey staff & students leaked by erring employee

Copyright Lyonsdown Limited 2020

Top Articles

Hackers exploited critical flaws in Accellion FTA to steal client data

Accellion suffered a breach in December that compromised more than 100GB of sensitive data associated with the its enterprise customers.

Hacker stole 3.3m customer data records from Filipino loan firm Cashalo

Cashalo, a digital credit company in the Philippines, suffered a massive breach that compromised over 3.3 million customer data records.

A lack of manpower is exposing the world’s cyber-vulnerabilities

As well as investing in talent, the cyber security industry needs to promote transparency and global cooperation

Related Articles