Pupil data corrupted after bug hits Capita SIMS

A bug affecting school information management systems may have corrupted pupil data at thousands of schools around the country.

The error has hit Capita’s Schools Information Management System (SIMS), which supplies information management to 23,000 schools.

An email from Hampshire council’s children’s services department, seen by Schools Week, was sent to every headteacher in the county warning of “a software issue affecting all customers nationally” that “brings data breach risks”.

The council warned there was no way of identifying which records had been affected and said it was “vital” that schools do not rely on the contact information in SIMS if they want to “avoid potential data breaches”.

Schools Week understands the glitch may have incorrectly linked contact details to the wrong pupils. It means data on a new pupil joining a school – including address, telephone number and email address – could be associated with another pupil’s records, or the pupil’s data could itself be changed.

There is also the possibility that data on pre-admissions, pupils on roll and the records of school leavers may have been affected.

The error has been blamed on an upgrade that took place in December. Capita did not comment on when it first became aware of the issue.

A spokesperson for Capita said the company had “identified isolated instances where the contact details of new applicants to a school have merged with those of existing pupils.

“This has only happened on rare occasions where the first name and surname of the pupils’ listed contact are an exact match.”

She added that Capita had taken “immediate steps” to fix the problem and added: “We apologise to schools and parents for any disruption this may cause.”

Capita first acknowledged the problem on the support section of its website on Thursday last week, when it accepted the problem was a “major concern for many schools”.

“If you have imported a CTF [common transfer file] for pupils joining your school, that included parents or other contacts with a name that matched exactly to a contact record already in your database, the applicant may have been linked incorrectly to this person and some data may have changed.

“Please be assured that this is being investigated with the highest priority so that we can assist you in easily identifying whether this may have occurred in your school.”

The company has released a patch that schools can download to stop the error occurring, but will not fix the files that have already been corrupted.

Capita also said it was not the company’s “responsibility” to report the issue to the Information Commissioner’s Office (ICO).

“As the data controller, it is the customer’s responsibility to report any data breaches to the ICO,” it said. “Extensive guidance is available on the ICO website on data breaches and customers should review this thoroughly before taking any action.”

It is not clear if this incorrect data was used in the spring 2018 school census. If it was, national pupil data collected by the government will be at risk of corruption.