Software bug put personal data of pupils at 21,000 UK schools at risk

Software bug put personal data of pupils at 21,000 UK schools at risk

Software bug put personal data of pupils at 21,000 UK schools at risk

A bug in an information management system used by 21,000 UK schools almost resulted in a major data security incident after it was discovered that the software incorrectly matched contact details of students with their names.

Thanks to the bug, a student or the student’s parents could view e-mail addresses, phone numbers, and physical addresses of other students once they were contacted by their schools using any of these methods of communication.

“The consequence of the corruption is that contact information for the incoming pupil for example, address, telephone number and email address, may have become associated with other pupil’s records, or the new pupil could themselves be linked to the wrong contact details. The problem could have impacted pre-admissions, pupils on roll and the records of school leavers,” said Capita, the developer of the information management system in an e-mail to schools.

The firm added that it has developed an upgraded version of the information management system which will take care of the bug and that the breach would not happen again. However, it did not confirm exactly how many students were affected because of the bug.

“We have identified isolated instances where the contact details of new applicants to a school have merged with those of existing pupils. This has only happened on rare occasions where the first name and surname of the pupils’ listed contact are an exact match,” said a spokesperson for Capita to The Register.

“We have taken immediate steps to fix the software to prevent this from happening again and have also issued guidance to schools on how to identify and rectify any issues. We apologise to schools and parents for any disruption this may cause.”

UK schools under persistent attack

This isn’t the first time that privacy of students and staff at UK schools have been put at risk due to software bugs or lack of security measures. In February this year, poor security around CCTV cameras came back to bite four schools in the UK after cyber criminals hacked into their CCTV systems and broadcast feeds on a US website for all to see.

Feeds from the affected schools, which included St Mary’s Catholic Academy and Highfield Leadership Academy in Blackpool, contained live footage of playgrounds, corridors, restrooms, and other areas both inside and outside the school buildings.

Criminals behind the operation also managed to hack into CCTV systems at ‘hundreds of public spaces, businesses and private homes’ as such systems were not protected by passwords, the Daily Mail noted.

Last year, Action Fraud noted that cyber-criminals, posing as officials from the Department of Education, sent malicious e-mails to headteachers and financial administrators at several UK schools, asking the latter to share staff members’ personal email addresses and phone numbers.

The emails sent to headteachers and financial administrators contained .zip attachments that, once opened, encrypted users’ files and demanded up to £8,000 to restore access. Action Fraud noted that many similar scams involved cyber criminals posing as the Department for Work and Pensions and telecoms providers to gain access.


Hackers targeting students with phishing emails to steal personal information

Personal data of 90,000 Univ of Surrey staff & students leaked by erring employee

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”” /]