In a world full of hacking and privacy breaches the last place we expected to be hacked was a school in the middle of Ireland. A school in Carlow fell victim to a cyber hack earlier in the month.
Students and parents of St. Leo’s College in County Carlow found out about the hack last week through a letter from the secondary school notifying them of an attack on the IT system. The school was notified of the data breach on April 4.
An investigation has uncovered that the hackers main goal was to extract money from the school but the hackers were unsuccessful and preventative measures were in place to stop the incident.
Financially unrewarded by the cyber attack, the hackers may have obtained personal details about the students and staff such as PPS numbers and dates of birth.
Aware of the attack, Gardaí and the Office of the Data Protection Commissioner (ODPC) Helen Dixon are informed of the breach. Clare Ryan, the principal of the school informed parents that actions were taken in order to prevent future breaches:
Upon discovery, a thorough investigation was undertaken and we have taken immediate and appropriate steps to contain and remedy the breach and to prevent any re-ocurrence (sic). The Data [Protection] Commissioner has been informed and the matter has been reported to An Garda Síochána
Breaches that involve personal data will not be as simple in future. The new laws on Data Protection that are being introduced later this month mean businesses and organisations must notify users and authorities of a breach within 72 hours of discovering the hack - unless the information does not pose a risk to the person.