Anna Zhadan reports:
The Bishop of Hereford’s Bluecoat School in the Tupsley district of Hereford, England, suffered a data breach back in October, when threat actors attacked the institution’s systems. However, at the time, the school reassured that the personal information of students and staff was safe.
Yet now, the school, which has around 1000 students, informed parents that cybercriminals released full names, addresses, unique pupil numbers, dates of birth, gender, ethnicity, additional special educational needs information, multi-agency safeguarding hub reports, and police incident reports of pupils on the darkweb.
Read more about the attack by Vice Society at CyberNews.com.
Too many entities rush to reassure people that their personal information is safe, only to find out later that they were wrong. Perhaps it would be better to be more conservative in initial disclosures or to assume that ransomware groups will have exfiltrated data that they feel is sensitive enough to motive their victims to pay up?