What
Loss of sensitive personal data.
How much
20,000 records.
Why
Malicious website intrusion.
Regulator
ICO
Regulatory action
Undertaking issued to ensure that encryption is used, annual penetration tests are performed and password policies are updated to ensure security.
Reason for action
A member of staff was using the same password for the school’s website and management systems, allowing the attackers, including at least one pupil, with the system administration information required to attack the system.
When
08 August 2011.
Links
View PDF of the Bay House School Undertaking (Via ICO Website)
View PDF of the Bay House School Undertaking (Breach Watch Archive)