Data breaches by schools and universities

Educational establishments commonly hold a wealth of information about their students, often to meet safeguarding requirements, or to ensure teachers have an appreciation of children’s personal circumstances. Such information can be valuable in providing care and support to students, yet it can also represent a security risk if organisations are not doing enough to protect this information. Due to the sensitivity of the information held, data breaches by schools and universities can be particularly harmful to those affected.

Unfortunately, cybercriminals also recognise the value of pupil and student data, seeing educational institutions as prime targets for hacks. The National Cyber Security Centre released an alert earlier this year revealing that the education sector was at an increased risk of ransomware attacks in late February, which is important to note.

With external threats to the sector high, it is essential that schools and universities are doing their utmost to protect personal information. Where they fail to do so, victims may be able to claim compensation for any loss of control of their personal information.

The implications of education sector data breaches

The potential effects of data breaches by schools and universities can be most clearly demonstrated by the kinds of information these organisations hold. It is likely that all schools and universities hold information such as basic contact details, home addresses and dates of birth, but the information can also be a lot more sensitive.

For example, at schools, teachers have to be aware of their pupils’ diverse needs, meaning schools will often hold details pertaining to pupils’ disabilities, special educational needs and family background.

Similarly sensitive information is often retained by universities for the purpose of diversity monitoring, which means that universities ask students to disclose details of ethnicity, gender, sexuality, disability, religion, and nationality. If data such as this is exposed, it could put those affected at risk of all kinds of data misuse, including more malicious crime such as blackmail or having their information held to ransom.

Examples of data breaches by schools and universities

Many universities have succumbed to cyberattacks or committed data breaches in recent years, and we have represented a number of victims for successful claims. These incidents can bring systems to a standstill, but events can constitute a breach of the law if it is deemed that the university itself is responsible for allowing information to become vulnerable.

As one example, the University of East Anglia data breach demonstrated how data breaches by schools and universities can be caused by human error. In this incident, a file containing information on students’ details that included health matters, domestic problems, personal issues, and even bereavements was mistakenly emailed to 298 people. In our University of Greenwich action, the breach was caused by information being accessible online in error, some of which was similar to the above.

Claiming compensation as a data breach victim

The impact of data breaches by schools and universities can be severe, which is why it is important that those affected are given a chance to claim the compensation they deserve. As specialists in data breach claims, we have taken action against several different kinds of organisations who have breached the GDPR, and local authorities, hospitals, businesses, and educational establishments have all been subjected to compensation claims.

To receive free, no-obligation advice on your potential compensation claim, contact our team today or register your details for a call-back.

Healthcare network breaches

Stor-A-File cyberattack: information dumped on the dark web