The education sector is being increasingly targeted by cyberattacks, with the National Cyber Security Centre (NCSC) issuing a warning regarding the rising incidence of criminal attacks in late March. Primary schools, secondary schools and higher educational institutions all hold a wide variety of private information, some of which can be highly sensitive in nature. Ensuring good cybersecurity in the education sector is, therefore, of paramount importance to ensure the privacy and safety of both staff and students.
While some cyberattacks can be difficult to prevent, it can sometimes be the case that organisations have failed to ensure that their systems are secure enough, allowing hackers a point of easy access. When this occurs, the organisation in question may have breached data protection law.
It is essential that schools and universities do their bit to protect the information that they store and process, or they risk exposing staff and students to data misuse. Anyone who has been put in this vulnerable situation may be eligible to claim compensation for the harm caused, so do not hesitate to contact us if you think that you may have a claim to make.
Cybersecurity in the education sector – the growing risk
In late March, the National Cyber Security Centre (NCSC) issued an alert warning of the growing risk to cybersecurity in the education sector. In particular, the warning stressed that there has been a rising incidence of targeted ransomware attacks, with a spike beginning at the end of February.
The NCSC previously issued a warning of a similar increase in August and September last year, when the academic year began. The NCSC stated that ransomware attacks on UK educational institutions had recently provoked the loss of financial information, student coursework and coronavirus test data.
Education sector data breaches and compensation pay-outs
With cybersecurity in the education sector at such a high risk, the list of universities hit by cyberattacks is long. Cybercriminals can see higher education institutions as prime targets, given that they hold extensive data such as financial information, personal and family details, and medical information, as well as information taken for diversity monitoring (e.g. sexual orientation, ethnicity, disability etc.). There is also research information that could be targeted by foreign state threat actors as well.
Investigations into the Northampton University cyberattack, one of the most recent university attacks, are still ongoing. What we do know is that the incident had a severe impact on operations, bringing down IT and phone systems and causing a real problem. This is just one recent example.
In cases where schools and universities are at fault for data exposure, whether it occurred through a cyberattack or an internal employee error, they could be liable to pay compensation to those affected. In terms of data breach compensation amounts and examples, claims could be worth thousands or even over £10,000 depending on the severity of the impact and the nature of the information exposed.
Cyberattacks, data breaches and compensation claims
Regardless of the circumstances of a data breach, it is vital that educational institutions are held to account for any data protection errors. The series of severe cyberattacks that have affected schools and universities should act as cautionary tales, so educational institutions now have no excuse for poor cybersecurity.
If you have been a victim of data exposure due to poor cybersecurity in the education sector, you may be eligible to make a compensation claim. You could recover compensation for the distress caused and for any financial losses or expenses resulting from the data breach.
Contact us today to receive free, no-obligation advice on your potential compensation claim.