Exclusive: More than 700 school data breaches in a year

Schools risk ‘extensive reputational damage’ if personal data of parents or pupils is compromised, accountants warn 

There has been a big increase in data breaches in schools reported to the Information Commissioner's Office

The number of data breaches reported by schools increased by almost a quarter in just two years, new research shows.

Schools in the UK reported 703 data breaches to the Information Commissioner’s Office (ICO) in 2016-17, compared with 571 in 2014-15.

A freedom of information request by accountancy network UHY Hacker Young showed that 674 were reported in 2015-16.

The news comes after a school business managers’ leader last year warned that funding pressures on schools were making them more vulnerable to cyber-attacks.

And earlier this year, the Charity Commission warned private schools that fraudsters were trying to intercept fee payments from parents using emails.  

Allan Hickie, partner at UHY Hacker Young, warned that cyber-attacks can cause schools “extensive reputational damage, especially if the personal data of children and parents is compromised”.

He added: “As almost all data is now stored electronically, safeguards must be put in place to ensure that schools’ sensitive data is kept secure.

Guarding against cyber attacks

“Parents must be reassured that the information held on their children, and their own financial data, is kept safe.

“Many private and independent schools are attractive to fraudsters, as school fees that they are attempting to redirect are often of high value. It is vital that schools have strong data security in place.”

His organisation warned that schools are now at a serious risk of large fines from the ICO if they fail to report data breaches, following the introduction of GDPR in May 2018.

The regulations make it compulsory for all organisations to report any data breach where there is a risk to people’s data security, including incidents where no information is actually lost or stolen.

However, UHY said that the ICO is unlikely to levy large fines on smaller schools and academies where data on pupils has not been put at risk.

The Department for Education said that all organisations, including schools and colleges, should have good basic cyber-security measures in place.

It pointed to the government's Cyber Essentials scheme, which aims to protect against common vulnerabilities which are widely reported online.

Log in or register for FREE to continue reading.

It only takes a moment and you'll get access to more news, plus courses, jobs and teaching resources tailored to you