Skinners’ Kent schools data breach

In recent months, cyberattacks on the education sector have been rising, and Skinners’ Kent schools were among the targets last year. In early June 2021, it was revealed that Skinners’ Kent Academy Trust had reportedly succumbed to a hack, leaving the school unable to stay open.

At their worst, coordinated cyberattacks can make computer systems inoperable, and the hackers who have taken control may be able to steal personal information. Pupil information was likely put at risk in the hack at Skinners’ Kent schools, enabling it to be stolen by the hackers.

Many schools hold highly sensitive information about their pupils, which can heighten the risk to privacy when a data security incident occurs. Schools, like all organisations, have a duty to eliminate such risk as far as possible. Where they fail in this responsibility, they may be in breach of data protection law.

The incident at Skinners’ Kent schools

The trust of Skinners’ Kent schools is understood to comprise of a secondary academy and a primary school, both of which were repeatedly hit in the cyberattack. The blow dealt to the trust appeared to have been severe, with hackers being able to steal and encrypt information, putting it out of access for staff. The encrypted data is understood to have included important information needed for safeguarding purposes, such as emergency contact information for the pupils.

Most worryingly, the attack reportedly led to the theft of a number of types of data. On its website, Skinners’ Kent Academy stated that the exposed information included: “a wealth of teaching resources, school trip information, policies, human resources files and a significant amount of staff data, some student data including medical information and data pertaining to our iPad scheme”. To us, the human resources and medical information may represent the most significant concern, as these records could give external hackers significant insight into the lives of students at Skinners’ Kent schools.

The rise of education sector data breaches

In recent months, the National Cyber Security Centre has issued alerts on the rise of ransomware attacks that have been hitting the education sector. Schools, colleges and universities have all been at risk. The incident at Skinners’ Kent schools bears the hallmarks of a typical ransomware attack, given that it rendered the systems inaccessible. There is nothing to suggest that the trust paid a ransom, but their involvement in the growing ransomware trend shows how harmful it can be for schools if preventative efforts fail.

It is important that schools rise to meet the challenge of increased cyberattacks with strong data protection strategies, or they risk facing further system downtime, closures and – perhaps most seriously – pupil and staff information exposure.

Cyberattacks and data breach claims

There can sometimes be a misconception that cyberattacks are solely the fault of hackers, but in fact the attacked organisations can be responsible in many ways. If a data controller has failed to impose enough protective measures on personal data, and your private information has been affected as a result, you may be able to hold them liable via a data breach compensation claim.

Whether it was a school, healthcare or local authority data breach, we may be able to investigate your claim and look to recover the compensation you deserve.

Contact our team today to receive free, no-obligation advice on your potential case.

FCA data breaches

When a data breach compromises data privacy – what to do