BreachExchange mailing list archives
Data of 9, 735 teachers shared after 'phishing' email breach
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 30 Mar 2020 09:16:57 -0500
https://www.independent.ie/irish-news/education/data-of-9735-teachers-shared-after-phishing-email-breach-39083093.html A data breach at the Teaching Council has led to personal information relating to 9,735 teachers being shared. The council, which holds personal data on 104,000 serving and retired teachers, has alerted those affected and said it was "not likely to result in any real risk to you in circumstances where limited personal data was disclosed". The data included name, address, PPS number, Teaching Council registration number, the month they joined the register and their renewal date. Certain information relating to vetting, including the clearance data, status and reference number was also disclosed. However, no financial or criminal conviction data was included, nor was the teacher's email address. In an email to affected teachers on Thursday, the council said it had recently become aware of the incident. In a statement yesterday, Teaching Council director Tomás Ó Ruairc said they had identified that there was an unauthorised attempt by an external source to access a small number of email accounts on the council's servers. A 'phishing' email, sent to a small number of its staff, caused a script to be activated that established an auto-forwarding rule for subsequent emails being sent to the staff members concerned. "This meant that emails received from those staff members were automatically forwarded to an external Gmail account for a short period of time," he said. Included as an attachment to one of the emails that was forwarded was a spreadsheet containing the registration details of a number of registered teachers, including data relating to some teachers. Mr Ó Ruairc said the Teaching Council took the matter and the security of data very seriously and apologised for any inconvenience caused. "The circulation of such attachments in the council is not normal practice and steps have been taken to ensure that this does not happen again." He said it was a strictly isolated incident and the wider systems or databases of the Teaching Council had not been affected. The council notified to the Data Protection Commissioner (DPC) and, following its own investigation into the matter, has provided updates to the DPC. Although a teacher's email address was not disclosed, and those affected have been told that the risk of a security threat was not likely, the council has advised that they remain vigilant. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Data of 9, 735 teachers shared after 'phishing' email breach Destry Winant (Mar 30)