Cyber Police have launched a major investigation after student information was reportedly leaked onto the dark web following a major cyber-attack at a Hereford secondary school.
Parents at The Bishop of Hereford’s Bluecoat School have been sent a letter this evening that included the following:
“As you will know from a previous letter I wrote to you, in October we were victims of a cyber-attack on the schools IT system which caused significant disruption. We have been working hard and now have the IT system back up and running successfully.
“We were recently made aware that as a result of the cyber-attack, there has been a breach of some school information. I am writing to you to keep you updated and provide further information about the consequences of the attack we were subjected to and what our next steps are to enhance the protection of our school in the future.
“Given the nature of the attack on our school and the breach of information, we have reported this to the Information Commissioner’s Office who will advise us of next steps in their process. The ICO is the UK’s independent body set up to uphold information rights.
“On Monday 31st October, we received communication from an alleged third party company stating that the school’s data had been published on the ‘dark-web’. The dark web is a way for private computer networks to communicate and conduct business anonymously online without divulging identifying information, such as a user’s location.
“Following further investigation, last week, the school has been in communication with the Cyber Police, of which investigations are ongoing. At this point, the school can confirm that student information had been posted on 27th October.
“As a school, this is deeply concerning and distressing time for us in that personal and confidential information has been breached and published in this way.
“Unfortunately, it is not possible to ascertain exactly how much of the data has been copied or shared and in that respect the breach is currently uncontained.
“Given the severity of some of the information that has been published, I am writing to inform you and ask that you remain vigilant in the event you encounter an unusual or suspicious activity.”
“This is a very difficult letter to write to you and I appreciate the concern you will have about the extent and implications of the data breach I have described.
“The hacking group responsible for the criminal activity on us have made similar attacks internationally, with a focus on public sector organisations, specifically schools and hospitals, seemingly with the intent to cause as much distress and disruption as possible.
“On behalf of the school, I sincerely apologise for the distress that this may cause and reassure you that we are doing everything we can in taking all necessary steps to address this situation.”
Yours Sincerely,
Martin Henton, Headteacher.