‘No individual data’ compromised during massive DfE breach, minister claims

Written by Sam Trendall on 27 January 2020 in News
News

Access to information in the Learning Records Service – which contains data on 28 million children – was provided via a third-party firm

Credit: Eric E Castro/CC BY 2.0

No personal information was affected by during a Department for Education data breach that affected a reported 28 million children and young people, according to universities minister Chris Skidmore.

An investigation by the Sunday Times recently revealed that “data intelligence” firm GB Group – whose clients include a number of gambling firms – had been allowed to access the government’s Learning Records Service database, which is run by the DfE’s Education and Skills Funding Agency.

The information store contains data on 28 million students aged 14 and over across the UK. The service allows companies and educational institutions to register as learning or training providers. It then permits registered providers to use the data to verify the academic records of potential new students.


Related content​


It has been reported that personal information including names and addresses was affected by the breach. But, in answer to a written parliamentary question from Labour MP Catherine West, Skidmore suggested that this was not the case. 

“The recent use of the Learning Records Service by a data broker was unauthorised and not sanctioned by the department,” he said. “There was no data released about individual learners, only a confirmation or denial that a record existed.”

GB Group was reportedly given access to the database by Trustopia – which is a screening specialist, and not a training provider.

It is not known why such a company was given access the LRS, but the DfE has since indicated that it has stopped working with the firm. 

In addition to undertaking its own investigations into the breach, the department is also supporting enquiries being made by the Information Commissioner’s Office.

In answer to another question, from Liberal Democrat MP Layla Moran, Skidmore said: “The department is conducting thorough and urgent investigations into this, which will conclude shortly. In addition to internal investigations, the department is working with the Information Commissioner’s Office to provide information on the events around this unsanctioned and unauthorised use of the Learning Records Service data by a third party.”

The Learning Records Service was temporarily disabled in the immediate aftermath of the breach, but it now appears to be back up and running.

 

About the author

Sam Trendall is editor of PublicTechnology

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Online safety: How police, public sector and tech firms have reached a data-sharing stalemate
21 May 2021

With the Online Safety Bill now published, former police superintendent Iain Donnelly writes for PublicTechnology on the challenges that need to be overcome in order to ensure the law’s...

PublicTechnology research: five things we learned about the future of digital government
22 April 2021

A recent study finds that the pandemic has boosted budgets – but legacy tech remains a big barrier to progress

Related Sponsored Articles

"The inflection point is here": how Covid is driving digital transformation in health
9 June 2021

It’s been one of the most challenging years for healthcare providers, but Salesforce sees lasting change from accelerated digital transformation

The largest ever UK public sector cloud transformation unlocks cost savings and innovation
17 May 2021

Cloud-based applications can provide ways for agencies and departments to innovate and operate in new ways, as the past year has highlighted they must, writes Oracle