Hackers have leaked private information from some Kent schools onto the dark web in a cyber attack.
A “limited” number of files from a small number of county schools were posted last week, the Local Democracy Reporting Service (LDRs) understands.
It comes four months after the Kent Learning Zone, part of an education network run by Cantium, was subjected to a “highly sophisticated” cyber attack in June 2021, according to the IT provider.
However, Kent Police last week informed Cantium that data has been uploaded on a part of the internet which is not accessed through search engines, known as the dark web.
Investigations are being carried out as a “matter of urgency” to establish the precise nature of any impacted data and the identitiy of any affected users.
The incident has been reported to the UK’s Information Commissioner’s Office.
A spokesman for Cantium said: “We are working closely with the relevant authorities and the Information Commissioner’s Office to establish what happened.
“We would like to reassure customers that we take the safety and security of their data very seriously and are working hard to protect and inform all stakeholders at this time.
“Cantium has retained the services of legal counsel to advise on regulatory and reporting obligations.”
The spokesman added: “We will be in touch again with guidance and assistance, as appropriate.”
There are around 600 secondary and primary schools across the county’s 12 districts, excluding Medway, however only a “very few” have been affected.
A new helpline has been set up so that any Kent schools concerned about the breach can talk to an adviser.
Meanwhile, a small number of files in the Kent Connects portal, which is used by public authorities such as Kent and Medway councils, Kent Police and the fire service, were taken during the same attack earlier this year.
Kent County Council (KCC), the local education authority, is working closely with Cantium to establish the potential consequences as they take positive action.
Recently, KCC has closed Kent Connects portal and taken a “precautionary” measure of updating passwords for all of its users, such as local authority staff.
A County Hall spokesman said: “In June 2021, our IT provider Cantium detected an outage caused by a cyber-attack on a very specific part of its education network, the Kent Learning Zone (KLZ).
“The outage was swiftly fixed, reported by Cantium to the Information Commissioner and continues to be investigated. KCC’s main systems are separate and were unaffected.
“Last Tuesday (November 9) we were notified that some data sets obtained in the attack have been made available on the part of the internet that is only accessible via specialist software – the Dark Web.”
KCC says it takes the safety and security of data “very seriously” as its services, such as education and public health, continue to operate as normal.
The spokesman added: “We will continue to ensure all necessary action is taken to protect and inform anyone who may have been affected by this breach of Cantium’s system.”
The cyber attack comes 18 months after a criminal gang demanded a cash sum of £800,000 from a KCC-owned company, who leaked private information onto the dark web.
The assailants encrypted a “significant number” of systems and data from Aylesford’s Kent Commercial Services Group (KCS) in the operation on April 2, 2020.
“We will continue to ensure all necessary action is taken to protect and inform anyone who may have been affected…”
Another data breach occurred last year involving the University of Kent, who were among 125 organisations targeted in a “sophisticated ransom-ware attack” in May 2020.
News from our universities, local primary and secondary schools including Ofsted inspections and league tables can be found here.
Read more: All the latest news from Kent