HQ/EMEAFind out how we can help your business
Troves of UK student records suffered exposure due to an accidental data leak in the server of a software company.
Based on reports, this latest mishap has endangered countless students’ personal details, grades, and photos. The leak became apparent after a researcher encountered the leaked details on a misconfigured cloud server.
This mistake impacted hundreds of thousands of students in the United Kingdom. The researcher shared his discovery with a cybersecurity platform, revealing how a UK-based company providing school software has accidentally opened a pathway to a potential data breach.
The leak that affected the UK student records occurred late last month.
Before the news of the exposed UK student records went public on March 27, 2024, researchers found that the server contained nearly a million records, including approximately 214,000 unique images of children.
These records, dating from 2017 to 2023, comprised sensitive information such as student names, subjects studied, academic achievements, and even signs of learning difficulties.
The server in question belonged to OTrack, also known as Optimum Pupil/Sonar Tracker, which Juniper Education developed. OTrack is widely used by over 7,000 primary and secondary schools throughout the United Kingdom to monitor student performance and manage school operations.
This instance is not the first time student data has been exposed. Earlier this year, a similar incident affected students from a school in Texas. In that case, the safety software provided by Raptor Technologies accidentally made over 4 million records publicly accessible.
The researchers promptly informed the relevant authorities, immediately closing public access to the server. However, concerns still arose about whether unauthorised individuals managed to access the data and how it might have been misused. Hence, the academic institution executed an internal investigation to understand the extent of the breach.
The company responsible for the accidental leak has admitted its fault, contrary to other firms denying such incidents. The company assured everyone that they had already addressed the issue.
Still, these incidents show the importance of prioritising cybersecurity, especially when dealing with sensitive information belonging to minors. Therefore, increasingly relying on digital platforms, educational institutions should implement robust measures to protect student data.
