Schools

30k primary pupils’ data may be at risk after Capita cyber attack

Dark web monitored for the information after company was targeted in March

Dark web monitored for the information after company was targeted in March

Exclusive

Tens of thousands of primary pupils’ details may have been stolen in a huge cyber-attack at government outsourcer Capita, Schools Week can reveal.

The dark web is being monitored for the information after the company was targeted in March, with 90 organisations reporting breaches of personal data held by Capita.

Capita runs several services for the Department for Education, including administering primary school SATs for the Standards and Testing Agency (STA).

Documents obtained by Schools Week reveal up to 30,000 pupil personal data records under the STA contract are “believed to have been exfiltrated”.

In its report to the Information Commissioner’s Office (ICO), the DfE said this included “pupil names, dates of birth, pupil IDs, test types and school reference numbers, in additional (sic) to other non-identifiable management data”.

It did not contain “any addresses for the pupils or contact details or names of schools, exam results; or any special category personal data or any financial information.

“Whilst name and date of birth are unlikely to present a high risk, should the information be made public for sale, it is likely to cause distress.

“The added inclusion of a school identifier may increase the likelihood of identification, but is unlikely to present a greater risk to the data subjects, unless there is a safeguarding issue potentially.”

However, in May the DfE said because there “is not a high risk posed, we are currently unlikely to inform the STA data subjects”.

Capita estimated the attack could cost up to £20 million.

‘Potentially compromised forever’

When asked about the SATs data breach, a spokesperson said it had “found no evidence of any information in circulation, on the dark web or otherwise, resulting from the cyber incident”.

Jen Persson, the director of the campaign group DefendDigitalMe, said children’s names and dates of birth was “critical identity data. These children and related family members are potentially compromised forever.

“If it’s not (yet) been put up for sale, it also begs the question who or what organisation might want children’s identities for what reasons.”

It was initially thought that several thousand teacher pension scheme members could also have been impacted.

But the DfE’s submission said in May only one member “most likely” had personal information taken.

It said Capita was monitoring the teacher’s account for “suspicious activity” and providing them with a 12-month membership of Experian Identity Plus, which alerts members to potential suspicious activity.

In the ICO report, the DfE said breached data figures have “changed several times (both up and down) and is not confirmed”. Neither the DfE nor Capita confirmed if the figure had changed as of this week, nor whether it had been communicated to pupils or their families.

The DfE said that almost all STA data was stored on uncompromised servers. A spokesperson said it was in “regular contact” with Capita as “it continues investigations”.

Data was taken from less than 0.1 per cent of Capita’s server estate, the company said in May.

“Having taken extensive steps to recover and secure our data … we still have found no evidence of any information in circulation, on the dark web or otherwise, resulting from the cyber incident,” it said in a statement this week.

An ICO spokesperson said it was “making enquiries” into the incident.

Latest education roles from

Chief Executive Officer | Mowbray Education Trust

Chief Executive Officer | Mowbray Education Trust

Mowbray Education Trust

Electrotechnical Technician Demonstrator

Electrotechnical Technician Demonstrator

West Suffolk College

Transport Co-ordinator

Transport Co-ordinator

Eastern Education Group

Technical Demonstrator Health

Technical Demonstrator Health

West Suffolk College

Teaching Assistant

Teaching Assistant

Peile

Programme Tutor – Business Management (Fixed Term Cover role)

Programme Tutor – Business Management (Fixed Term Cover role)

West Suffolk College

Sponsored posts

Sponsored post

Ensuring Learning Never Stops: Portakabin Supporting Schools Affected by RAAC

In recent months, the discovery of reinforced autoclaved aerated concrete (RAAC) in over 230 schools across England has presented...

SWAdvertorial
Sponsored post

Text-based programming tools for young learners

The Raspberry Pi Foundation’s Code Editor helps make learning text-based programming simple for children aged 9 and up. Learn...

SWAdvertorial
Sponsored post

IncludEd 2025 is coming…5 whole school inclusion insights you need

We’ve all been there.  You’ve cleared a whole day and then trekked for hours to be at an education...

SWAdvertorial
Sponsored post

The impact of vocational education at KS4 and beyond 

Everyone reading this article of Schools Week shares a common purpose: we all want to create the brightest possible...

SWAdvertorial

More from this theme

Schools

Keep Latin funding for six more months, leaders urge Phillipson

Schools involved in the Latin Excellence Programme have written to the education secretary to ask for an extension

Lydia Chantler-Hicks
Schools

RAAC yet to be removed from 90% of crisis-hit schools

Work finished in just 30 RAAC schools, sparking warnings 'thousands of children are studying in inadequate' buildings

Lydia Chantler-Hicks
Schools

11-hour school day pays dividends

A report showed missed homework sanctions were down 12 per cent and stars for good behaviour were up 16...

Lucas Cumiskey
Schools

Far more children ‘missing’ from school than DfE estimates, says EPI

Study suggests 300,000 children are now missing from education - more than double official estimates

Freddie Whittaker

Your thoughts

Leave a Reply

Your email address will not be published. Required fields are marked *