A clumsy data breach has affected hundreds of children at a Birmingham secondary school.
The school said in an email to parents that students in Year 7, up to and including Year 11 (ages 11-16), had their names, gender, dates of birth, and their parents’ contact details exposed via a spreadsheet mistakenly shared with other parents.
According to aggrieved parents, the school sent an email seeking consent for their children to receive flu jabs, but upon clicking a link in that message, the spreadsheet began downloading.
Tudor Grange told The Register that the data exposure was active between 0950 and 0959 local time on Monday, September 8, and was only visible to those with access to the school’s Bromcom-powered intranet.
“The breach involved the accidental disclosure of a spreadsheet sent to our parent body that contained student names, DOB, gender, parent/carer contact telephone numbers of students in Years 7 to 11,” it said in a statement.
“We have apologised to our school community for this incident and have been responding to any concerns throughout.
“Our first step was to contain the breach by contacting our management information system provider and ensuring that the SMS message was removed and recalled.
“We also asked parents/carers who received this information to delete it as soon as possible.
“We have reported this to the Trust Data Protection Officer, who is investigating this breach, will liaise with the ICO as necessary and will put measures in place to ensure this doesn’t happen again.”
Tudor Grange currently teaches 1,198 students, including its sixth form, according to government statistics.
The Register asked the school how the breach came to pass, and exactly how many children were affected, but it did not comment beyond its official statement.
One mother, who spoke to Birmingham Live, expressed concern that her child was put at risk due to the breach, adding that the spreadsheet contained “the whole of the school on it.”
“I emailed the school about it and they said an error had been made,” she said. “The link had been removed from Bromcom, which is an intranet system for the school. This put my child’s safety at risk.” ®
**Get our** Tech Resources
A clumsy data breach has affected hundreds of children at a Birmingham secondary school.
According to aggrieved parents, the school sent an email seeking consent for their children to receive flu jabs, but upon clicking a link in that message, the spreadsheet began downloading.
“We have apologised to our school community for this incident and have been responding to any concerns throughout.
“I emailed the school about it and they said an error had been made,” she said.
“The link had been removed from Bromcom, which is an intranet system for the school.
A clumsy data breach has affected hundreds of children at a Birmingham secondary school.
The school said in an email to parents that students in Year 7, up to and including Year 11 (ages 11-16), had their names, gender, dates of birth, and their parents’ contact details exposed via a spreadsheet mistakenly shared with other parents.
According to aggrieved parents, the school sent an email seeking consent for their children to receive flu jabs, but upon clicking a link in that message, the spreadsheet began downloading.
Tudor Grange told The Register that the data exposure was active between 0950 and 0959 local time on Monday, September 8, and was only visible to those with access to the school’s Bromcom-powered intranet.
“The breach involved the accidental disclosure of a spreadsheet sent to our parent body that contained student names, DOB, gender, parent/carer contact telephone numbers of students in Years 7 to 11,” it said in a statement.
“We have apologised to our school community for this incident and have been responding to any concerns throughout.
“Our first step was to contain the breach by contacting our management information system provider and ensuring that the SMS message was removed and recalled.
“We also asked parents/carers who received this information to delete it as soon as possible.
“We have reported this to the Trust Data Protection Officer, who is investigating this breach, will liaise with the ICO as necessary and will put measures in place to ensure this doesn’t happen again.”
Tudor Grange currently teaches 1,198 students, including its sixth form, according to government statistics.
The Register asked the school how the breach came to pass, and exactly how many children were affected, but it did not comment beyond its official statement.
One mother, who spoke to Birmingham Live, expressed concern that her child was put at risk due to the breach, adding that the spreadsheet contained “the whole of the school on it.”
“I emailed the school about it and they said an error had been made,” she said. “The link had been removed from Bromcom, which is an intranet system for the school. This put my child’s safety at risk.” ®
Get our Tech Resources
