Affinity Learning Partnership, a UK education trust operating seven schools with over 650 employees, suffered a cyberattack via a third-party breach at software developer Intradev in August. The attack compromised employee personal data, including names, addresses, passport numbers, driving license details, and National Insurance numbers, stored by OnlineSCR (a DBS check provider for schools). The breach originated from Intradev, which detected unauthorized access on August 4, affecting multiple clients, including Access Personal Checking Services (APCS). While some staff faced minor exposure (e.g., surnames), others had high-risk data leaked, such as passport and National Insurance numbers. Affinity notified affected employees, offered CIFAS fraud protection, and advised precautionary measures, though the ICO did not mandate ID replacements. The incident underscores vulnerabilities in third-party supply chains and the targeting of education sector data due to limited cybersecurity budgets. The breach’s scope varied across schools, with potential long-term risks of identity theft or fraud for exposed staff.
Source: https://www.theregister.com/2025/09/05/uk_schools_intradev_breach/
TPRM report: https://www.rankiteo.com/company/affinity-trust
"id": "aff2564925090625",
"linkid": "affinity-trust",
"type": "Cyber Attack",
"date": "8/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '650+ staff (varies by school)',
'industry': 'Education',
'location': 'UK',
'name': 'Affinity Learning Partnership',
'size': '650+ staff, 3,000 students (7 schools)',
'type': 'Education Trust'},
{'industry': 'Technology',
'location': 'Hull, UK',
'name': 'Intradev',
'type': 'Software Developer'},
{'industry': 'Background Checks (DBS)',
'location': 'UK',
'name': 'OnlineSCR (Single Central Record Ltd)',
'type': 'Service Provider'},
{'industry': 'Criminal Record Checks',
'location': 'UK',
'name': 'Access Personal Checking Services (APCS)',
'type': 'Service Provider'}],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '650+ (staff across 7 schools)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (PII, Government-Issued IDs, '
'Background Checks)',
'type_of_data_compromised': ['Names',
'Addresses',
'Qualified Teacher Status (QTS) '
'Numbers',
'Passport Numbers',
'Driving License Details',
'National Insurance Numbers',
'Background Check Details '
'(DBS)']},
'date_detected': '2023-08-04',
'description': 'A major UK education trust, Affinity Learning Partnership, '
'warned staff that their personal information (including '
'names, addresses, passport numbers, driving license details, '
'and National Insurance numbers) may have been compromised '
'following a cyberattack on software developer Intradev in '
'August 2023. The breach originated from Intradev, affecting '
'its customers like Access Personal Checking Services (APCS) '
'and OnlineSCR, which provide criminal record and DBS checks '
'for UK schools. Affinity operates seven schools with over 650 '
'staff and 3,000 students. The trust offered affected staff '
'two years of CIFAS protective registration to mitigate fraud '
'risks.',
'impact': {'brand_reputation_impact': ['Potential Trust Erosion',
'Media Coverage (The Register)'],
'data_compromised': True,
'identity_theft_risk': True,
'legal_liabilities': ['Potential ICO Investigation',
'Data Protection Violations (GDPR)'],
'operational_impact': ['Staff Notifications',
'Fraud Prevention Measures (CIFAS '
'Registration)',
'Potential Identity Theft Risks']},
'initial_access_broker': {'high_value_targets': ['Staff PII',
'DBS/Background Check Data']},
'investigation_status': 'Ongoing (Intradev conducting detailed review; ICO '
'response pending)',
'lessons_learned': ['Third-party vendors introduce significant supply chain '
'risks, especially in sectors with limited IT budgets '
'(e.g., education).',
'Sensitive data (e.g., DBS checks) requires robust '
'protection and monitoring across all service providers.',
'Proactive fraud prevention measures (e.g., CIFAS) can '
'mitigate post-breach risks for affected individuals.'],
'motivation': ['Data Theft', 'Financial Gain (Potential Fraud)'],
'post_incident_analysis': {'root_causes': ['Third-party vendor (Intradev) '
'breach',
'Potential inadequate security '
'controls for sensitive education '
'sector data',
'Supply chain vulnerability '
'exploitation']},
'ransomware': {'data_exfiltration': True},
'recommendations': ['Conduct third-party risk assessments for all vendors '
'handling sensitive data.',
'Implement multi-factor authentication (MFA) and '
'encryption for systems storing PII.',
'Establish clear incident response protocols for supply '
'chain breaches.',
'Provide identity theft protection services to affected '
'individuals as standard practice.'],
'references': [{'source': 'The Register',
'url': 'https://www.theregister.com'},
{'source': 'Browne Jacobson LLP (Legal Blog)'}],
'regulatory_compliance': {'legal_actions': ['Potential ICO Investigation'],
'regulations_violated': ['UK GDPR',
'Data Protection Act 2018'],
'regulatory_notifications': ['Information '
"Commissioner's Office "
'(ICO) Notified']},
'response': {'communication_strategy': ['Internal Staff Letters',
'Precautionary Steps Shared',
'Media Statements (via The Register)'],
'incident_response_plan_activated': True,
'remediation_measures': ['Staff Notifications',
'Fraud Prevention Support (CIFAS)'],
'third_party_assistance': ['CIFAS Protective Registration']},
'stakeholder_advisories': ['Internal staff notifications with precautionary '
'steps'],
'title': 'Data Breach at Affinity Learning Partnership via Intradev '
'Cyberattack',
'type': ['Data Breach', 'Third-Party Breach', 'Supply Chain Attack']}