Loss of sensitive personal data.
Malicious website intrusion.
Undertaking issued to ensure that encryption is used, annual penetration tests are performed and password policies are updated to ensure security.
Reason for action
A member of staff was using the same password for the school’s website and management systems, allowing the attackers, including at least one pupil, with the system administration information required to attack the system.
08 August 2011.