Teaching Council fined €60,000 after teacher data leaked in phishing scam

The statutory body with responsibility for regulating teachers has been fined €60,000 after the personal data of more than 9,700 people was leaked via a phishing scam.

The Data Protection Commission delivered the fine, and a reprimand, to the Teaching Council following an investigation spanning just under two years.

The initial breach occurred when two council staff members opened a suspicious email, which facilitated the creation of an auto-forward rule allowing for emails to be forwarded from the council’s servers to a malicious Gmail address.

Some 323 emails, containing the personal data of 9,735 people and the sensitive personal data of one person, were automatically forwarded from the compromised accounts between February 17 and March 6, 2020, when the problematic rule was eventually discovered.

In addition to the fine and the official reprimand, the commission said the Teaching Council must bring its processes into line with the EU’s GDPR data protection legislation by June 2 at the latest.

Alerts made

The commission noted that the Teaching Council had been made aware via an alert that a forwarding rule had been created within its staff email servers. However, the council “did not discover at that time” that the breach had occurred due to “no evidence of malware” being noted. Four alerts were sent to the council’s IT section before the problem was recognised.

The commission said the precise number of affected data subjects could not be provided by the…

Leave a Reply Cancel reply

Related News

You may have missed