Thousands of examiners’ personal details stolen in AQA cyber-attack
Data relating to 64,000 examiners stored on some of AQA’s online systems has been stolen by attackers, including examiners’ name, address, personal phone numbers, and passwords.
However the board stressed the systems attacked did not store any bank details, nor data belonging to schools or pupils, or exam material.
AQA said it was alerted to the attack on March 21 and took the affected systems offline immediately to fix security issues.
A spokesperson said “first indications” were that no data was stolen, however AQA discovered on April 6 – more than two weeks later – that some data had actually been accessed. It showed up as part of a “thorough forensic analysis” run by the exam board.
David Shaw, AQA’s chief information officer, said: “We’re really disappointed that this has happened despite our huge efforts to keep our systems secure, and we’re very sorry that our examiners have been affected.
AQA said it is contacting all examiners whose details have been taken, as well as reporting the attack to Ofqual and the ICO.
AQA told examiners it takes cyber security “very seriously” and has measures in place to protect everyone’s personal information. While the measures did not prevent the “malicious activity, it did help us limit the impact”, the board said.
It’s the latest cyber-attack to hit the education sector. Schools were warned in January to beware of scammers posing as government officials in a bid to illicit details and hold important computer files to ransom.