Schools and trusts have been urged to ignore “fraudulent” letters with “a ministerial signature” purporting to be about a data breach.
The Department for Education has issued the warning over deceptive communications masquerading as a government “regulatory notice”.
It said leaders should ignore the instructions set out in the missive, which claims “there has been a data breach” at a firm that maintains background check records for schools.
In a notice, published this week, DfE stated the correspondence “is confirmed as fraudulent and has not been issued by the minister’s office”.
Ministerial signature
“We have been made aware that some academy trusts have received a letter presented as a DfE ‘national regulatory notice’,” officials said.
“It includes a ministerial signature and claims there has been a data breach involving Online SCR/Intradev.”
School have been told not to “follow any instructions in the letter” or “share data or comply with the directions”.
They must also “ensure senior leaders, governance leads and administrative teams are aware” and “report any receipt of the letter” to the DfE.
“This letter is confirmed as fraudulent and has not been issued by the minister’s office,” the notice said.
“If anyone has already acted on the letter, notify your school’s IT or security lead. You should also report it through your usual process and monitor systems for unusual activity.”
Cyber-attack
Intradev, a software supplier to Online SCR, also known as Single Central Record, was hit by a cyber-attack last summer.
It was feared names, addresses, phone, national insurance and passport numbers of school staff members may have been compromised by the incident.
Online SCR says it manages more than 350,000 staff records at 1,500 schools.
Mark Gardner, Online SCR’s director, said the company was “aware of the letter and it is clearly a serious attempt to damage our business and reputation using fraudulent methods, including forging a minister’s signature on a fake government document”.
He added: “We are glad the DfE has responded quickly and alerted multi-academy trusts to the fraudulent nature of the correspondence and advised them not to act on it.
“The letter contains inaccuracies and deliberately misleading claims. We hope the DfE counter fraud team finds who is behind this.”
Intradev managing director Steve Cheetham said the firm “regrets that its name has been used by fraudsters”. It is “committed to supporting the DfE and any impacted parties in order to help prevent scams of this nature”.
You can report fraud in the education sector here.
Your thoughts