Alert over students’ details on dark web
A GROUP of students and apprentices at a Somerset college have been left highly vulnerable to fraudsters after their personal details were released following a cyber attack.
It means criminals could have access to their names, addresses, passwords and other details.
The students, all apprentices studying on a special civil service work-related course at Bridgwater and Taunton College, have had their details leaked onto the dark web.
The breach, which occurred in January, is so serious the Cabinet Office has written to each of the students warning them to be on their guard and offering them support and a one-year subscription to a credit-checking organisation. Individuals’ names, addresses, phone numbers, next of kin details, national insurance numbers and signatures were among the details obtained in the attack.
Some of these have now been found on the dark web, meaning they could be targeted by criminals and scammers.
In a letter to the apprentices, the Cabinet Office urged them to be on the lookout for signs of identity fraud, such as unusual payments or direct debits on their bank statements, or important mail going missing.
Investigations into the attack are ongoing. The letter stressed no civil service system had been breached and the records system for learners had not been compromised.
A spokesman for Bridgwater and Taunton College said: “As part of the forensic investigation, our IT experts recently identified that enrolment data relating to a small cohort of students on the Business Administration Level 4 apprenticeship programme was impacted. We take our data protection responsibilities incredibly seriously and informed the Cabinet Office via their service provider without delay.”
A Cabinet Office spokesperson said: “We can confirm that a personal data breach involving a number of civil service apprentices occurred earlier this year. This breach, as a result of a ransomware attack, has been reported to the Police and the Information Commissioner’s Office.”
PCS, the civil service’s biggest union, said the breach had left affected apprentices in a “threatening and distressing situation” and the disclosure of their personal details as well as home addresses and contact numbers posed an unacceptable risk to individual and departmental security.
The union added staff whose data had been compromised could potentially also be exposed to extortion attempts.