Over the Easter break the school was a victim of a cyber-attack. We have been working with our cyber security response team and the Cyber Police to investigate the attack and now understand that the hackers have posted some of the school’s data onto the dark web. 

What does this mean?

The investigation indicates that some personal information has been posted, including from former members of staff and students.  

What staff information has been affected?

Our investigation indicates that some staff information will have been posted. This includes some names, addresses, email addresses, phone numbers, national insurance numbers, ID documents, HR information and bank details. Some of this information may put individuals at risk of identity fraud, identity theft or other risks associated with a cyber-attack. 

What pupil information has been affected?

Our investigation indicates that some pupil information will have been posted. This includes some names, addresses, email addresses, details of pupil premium status and pupil support needs. On its own, the information that has been accessed from our IT systems is very unlikely to pose any risk of identity fraud, identity theft or other risks associated with a cyber-attack, However, if this information is combined with other information available online then the risk of identity fraud may increase. 

What are we doing?

On discovering our IT systems had been compromised we took immediate action to engage our cyber response team to carry out an investigation and look at additional measures to put in place to reduce the risk of any further attacks. We have informed the Cyber Police and the Information Commissioner’s Office (ICO) and are working closely with our Data Protection Officer/Team (SAMpeople).  

Our investigation has shown no evidence that the affected information is publicly available online through traditional search engines. Our cyber security response team have assured us that accessing the posted information on the dark web is hugely challenging due to the nature of the dark web infrastructure. The affected data is not indexed as it would be on traditional websites and requires specialised tools to navigate hidden services. Additionally, download speeds on the dark web are significantly slower making it time-intensive to retrieve large datasets. This complexity combined with the technical barriers of accessing and navigating the dark web, means that the affected information is not readily available or accessible to the general public. 

What steps can you take?

There are certain steps you can take to protect yourself from the risk of identity fraud, including: 

• Ensure your passwords for any school accounts are changed.  
• Ensure that you do not re-use passwords across important accounts. 
• Ensure you choose strong, unique passwords which are not easy to guess. 
• Enable two-factor authentication across all your important accounts where this is available. 
• Monitor your financial accounts and credit reports for any suspicious activity. You can check your credit report for free from a number of credit reference agencies. For example, Clear Score or Experian. 
• Report any suspicious banking activity to your bank immediately.  
• Be alert for phishing emails, phone calls from unknown numbers and text messages – messages where the sender is prompting you to click links or enter your details. Further advice on using passwords to protect your data and spotting and reporting suspicious correspondence is available from the National Cyber Security Centre (National Cyber Security Centre – NCSC.GOV.UK). 

Further advice on using passwords to protect your data and spotting and reporting suspicious correspondence is available from the National Cyber Security Centre.  

What happens next?

Our school has a Data Protection Officer (DPO) to advise us on our obligations under data protection law. If you have any concerns relating to data protection, please contact us at queries@thederbyhighschool.co.uk which will run until the end of June.