The Ladies College has improved its security measures after a data breach affecting the school’s servers in 2024.
There was no evidence of pupil data, or other personal data, being accessed or copied, but other ‘limited data’ was encrypted by hackers. That has since been recovered.
The College self reported itself to the Office of the Data Protection Authority in June 2024 as soon as staff realised they couldn’t access several on-site servers.
The initial investigation, carried out by the College, found there had been unauthorised access with some data encrypted with ransomware.
The Data Protection Authority’s own investigation found that while The Ladies’ College had systems in place to detect suspicious authentication activity, it did not implement appropriate processes to be notified of or monitor such detections.
It said the College was in breach of the Data Protection Law because it had failed to appropriately secure its administrator account, using a weak password and not using Multi-Factor Authentication, and it also failed to appropriately secure remote access to computers within its network, leaving them directly exposed.
The OPDA said the Ladies’ College has since met all requirements to improve its data security and that there’s never been any evidence that the data compromised in 2024 has ever been used elsewhere.
“Effective processes to monitor and warn against security breaches are a key element of any security safeguard system, regardless of the sensitivity of the information held”, said Data Protection Commissioner Brent Homan.
“We are pleased that the Ladies’ College acted swiftly to notify our office of the breach, cooperated with the investigation and implemented remedial measures without delay.”
The Ladies’ College said it reacted quickly on discovering the data breach and there was no disruption to teaching while its own investigation and the ODPA’s work was carried out.
“Whilst limited data was encrypted, and has since been recovered, there was no evidence of data (including pupil data) being accessed and/or copied,” the College reiterated.
“The Ladies’ College has cooperated fully with the ODPA’s investigations, and we have implemented a range of measures to enhance the security of our IT systems.
“The Ladies’ College takes data security very seriously; we are committed to protecting the personal information of our students, parents and staff, and are grateful for the support of the ODPA throughout this process.”