This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. > Find out more here
Bay House School in Hampshire has admitted to breaching the Data Protection Act after the personal details of nearly 20,000 individuals, including 7,600 pupils, were put at risk during a hacking attack on its web site.
The hack, which occurred in March, exposed pupils' names, addresses, photographs and some sensitive information relating to their medical history.
Personal information relating to the pupils' parents and teachers was also compromised during the breach.
The problem was identified shortly after the hack and the security of the site was immediately restored. The school reported the breach to the ICO on 17 March.
The Information Commissioner's subsequent investigation found that the security of the school web site had been compromised by a member of staff who had used the same password to access both the school's site and its data management systems.
This password was found by a pupil and used to access other parts of the system. The school had advised staff to avoid the use of duplicate passwords; however, no checks were in place to make sure this policy was followed.
Sally Anne Poole, acting head of enforcement, said: "While it can be difficult to remember lots of different passwords, it is important that individuals do not use the same password to log in to data systems that are supposed to be secure. This is particularly important when the systems allow access to sensitive information relating to young adults.
"We are pleased that Bay House School has agreed to take action to improve the security of the personal information it holds."
Ian Potter, head teacher of Bay House School, has now signed an undertaking to ensure that all reasonable measures are taken to encrypt and separate sensitive and confidential information held on the school's management system. Bay House will make sure that its staff understands the school's guidance on the use of passwords.
The school's web site will also be tested regularly to ensure that the personal information it holds remains secure.
Newsletters
Latest stories from Security
Latest videos
You may also like
Security jobs
Does Google know too much about you?
Updating your subscription status 
The trend towards non-desktop-based devices is enabling more flexible working practices and behaviours
Upcoming Events
Date: 29 May 2013
THIS EVENT HAS BEEN POSTPONED DUE TO ILLNESS. Business intelligence is enjoying an upsurge of interest. In an era in which businesses and organisations...
Date: 11 Jun 2013
The enterprise mobility summit will examine how organisations can manage the increasing array of endpoints which are enabling mobile computing in business....
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
