Data breaches by schools and universities have been on the rise in the previous 12 months, demonstrating a continuing failure by the educational sector to come to terms with the data protection obligations imposed by the May 2018 General Data Protection Regulation (now the UK GDPR).
Universities are prime targets.
In May of 2020, cyber criminals manages to steal confidential data of students past and present including: phone numbers, donation history and event attendance. The ransomware attack targeted the cloud computing provider Blackbaud, which is a major supplier to Universities worldwide.
Needless to say, universities hold and process a great deal of information that could be monetised by criminals. Universities hold sensitive personal information on thousands of staff and students, making them prime targets for attack.
In addition, universities handle large amounts of research data, intellectual property and other assets, all of which have significant value to others. According to the National Cyber Security Centre (NCSC), it is almost certain that state-sponsored actors are attempting to steal data and intellectual property from universities for strategic advantage. Cyber criminals also target universities to commit fraud and monetise any stolen material through sale or ransom.
Recent data breaches by schools and universities
In a recent data breach incident a Birmingham college had to close because of a ransomware cyber- attack. The hackers encrypted the college’s computer system and demanded a ransom in return of decrypting the systems. The college confirmed that “a volume of data has been extracted from our servers”. While students have only recently returned to class, the college decided to revert to online teaching until resolving the incident.
But even with cyber-attacks on the rise, the most common data breaches within the educational sector (and all other sectors for that matter) remain those caused by “human error”. Suffering a data breach can be extremely upsetting. Here at DRM Legal we have seen first-hand the distress which data breaches can cause, including putting children at risk of discrimination, exploitation, or even abuse.
Schools and universities must continue to strive to put in place appropriate security measures to reduce the number of data breach incidents. Such measures can range from the simple, such as training staff and students on how to recognize a phishing email (and not to respond to it!), to the more complex construction of firewalls and cloud security systems.
If you believe your data has been breached by a school or university, get in touch with one of our team at DRM Legal, and we will ensure you get the compensation that you deserve.