GDPR
»Æ¹ÏÊÓƵ is fully committed to complying with the EU General Data Protection Regulation.
We have implemented an Information Governance Framework to ensure that we have the correct policies, procedures, publications and tools to be compliant. Additionally, all of our staff have access to data protection and cyber security training.
Click here to submit a .
If you have any questions or comments, please contact dataprotection@tkat.org and we will do our best to help you.
Notification of a Data Incident Draft Statement to be placed on tkat.org and TBCC Websites
Regrettably, I am writing this statement to advise that on the 27th of December 2023, systems at the Thomas Bennett Community College were compromised in a sophisticated cyber incident.
It has been confirmed that during the incident that some of the systems within the school had been accessed by an unauthorised party and data has been copied.
Since the incident, our in-house experts and expert external support have confirmed that the following data has been copied as part of the incident
- First name
- Last name
- Registered Address Data
- Year Group
- Assessment data
- ID Photographs
The age of the data in impacted systems spans from 2002 to 2023 however a large volume of data within this date range is commercial data rather than personal data in nature.
There is no indication that financial data including banking information, passport information or medical data has been accessed as part of this incident.
As part of the management of this breach we are working with the relevant authorities, including the Information Commissioner’s Office, Action Fraud and external specialists.
We know this will cause concern to members of our school community and we are very sorry for this.
Our priority is to resolve this issue and provide information to those affected as soon as we are able to, and we are focusing all available resources.
Likely Risk and Mitigation
Our review has indicated that the risk to individual members of the TBCC community is low, however a breach of this type could increase the risk of identity theft or fraud.
You should be vigilant to any suspicious phishing emails. The NCSC has guidance for individuals advising on how to protect against the impacts of data breaches: . There is also .
To prevent a recurrence of this type of breach »Æ¹ÏÊÓƵ are taking several steps:
- We are reviewing and updating our systems and working with external experts to assess our security posture and implement more robust security controls
- We have updated our network architecture to improve our security defences
- We are in the process of updating our security protocols across all of our schools
Contact Details
If you have any additional concerns, you can contact the Trusts Data Protection Officer via dataprotection@tkat.org
Craig Clark
Data Protection Officer
Documents
| »Æ¹ÏÊÓƵ GDPR |
|---|