The Ladies College has improved its security measures after a data breach affecting the school’s servers in 2024.
There was no evidence of pupil data, or other personal data, being accessed or copied, but other ‘limited data’ was encrypted by hackers. That has since been recovered.
The College self reported itself to the Office of the Data Protection Authority in June 2024 as soon as staff realised they couldn’t access several on-site servers.
The initial investigation, carried out by the College, found there had been unauthorised access with some data encrypted with ransomware.
The Data Protection Authority’s own investigation found that while The Ladies’ College had systems in place to detect suspicious authentication activity, it did not implement appropriate processes to be notified of or monitor such detections.
It said the College was in breach of the Data Protection Law because it had failed to appropriately secure its administrator account, using a weak password and not using Multi-Factor Authentication, and it also failed to appropriately secure remote access to computers within its network, leaving them directly exposed.
The OPDA said the Ladies’ College has since met all requirements to improve its data security and that there’s never been any evidence that the data compromised in 2024 has ever been used elsewhere.
Pictured: Brent Homan, Data Protection Commissioner.
“Effective processes to monitor and warn against security breaches are a key element of any
Source: https://www.bailiwickexpress.com/news-ge/ladies-college-it-security-improved-after-data-breach/
Ladies' College Colombo Sri Lanka cybersecurity rating report: https://www.rankiteo.com/company/ladies-college-colombo-sri-lanka
"id": "LAD1765094804",
"linkid": "ladies-college-colombo-sri-lanka",
"type": "Ransomware",
"date": "12/2025",
"severity": "50",
"impact": "1",
"explanation": "Attack without any consequences"{'incident': {'affected_entities': [{'customers_affected': None,
'industry': 'Education',
'location': None,
'name': 'The Ladies College',
'size': None,
'type': 'Educational Institution'}],
'attack_vector': 'Remote access',
'data_breach': {'data_encryption': 'Yes (ransomware)',
'data_exfiltration': 'No evidence of data being '
'accessed or copied',
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': 'No '
'evidence '
'of pupil '
'or '
'personal '
'data '
'being '
'compromised',
'sensitivity_of_data': None,
'type_of_data_compromised': 'Limited data '
'(non-pupil or '
'personal data)'},
'date_detected': '2024',
'date_publicly_disclosed': '2024-06',
'date_resolved': '2024',
'description': 'The Ladies College improved its security '
'measures after a data breach affecting the '
'school’s servers in 2024. There was no evidence '
'of pupil data or other personal data being '
'accessed or copied, but other ‘limited data’ was '
'encrypted by hackers. The data has since been '
'recovered.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Limited data encrypted',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': None,
'legal_liabilities': None,
'operational_impact': 'Inability to access several '
'on-site servers',
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': 'On-site servers'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': 'Remote access',
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Completed',
'lessons_learned': 'Effective processes to monitor and warn '
'against security breaches are critical. Weak '
'passwords and lack of Multi-Factor '
'Authentication increase vulnerability. '
'Remote access must be secured.',
'post_incident_analysis': {'corrective_actions': 'Secured '
'administrator '
'accounts, '
'implemented '
'Multi-Factor '
'Authentication, '
'secured remote '
'access, '
'improved '
'monitoring '
'processes',
'root_causes': 'Weak administrator '
'password, lack of '
'Multi-Factor '
'Authentication, '
'exposed remote '
'access, inadequate '
'monitoring of '
'suspicious '
'authentication '
'activity'},
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'No evidence',
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'recommendations': 'Implement Multi-Factor Authentication, use '
'strong passwords, secure remote access, '
'monitor suspicious authentication activity, '
'and establish processes to detect and '
'respond to security breaches.',
'references': [{'date_accessed': None,
'source': 'Office of the Data Protection '
'Authority',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': 'Data '
'Protection '
'Law',
'regulatory_notifications': 'Self-reported '
'to the '
'Office of '
'the Data '
'Protection '
'Authority'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Self-reported to the '
'Office of the Data '
'Protection Authority',
'containment_measures': None,
'enhanced_monitoring': 'Implemented processes to '
'monitor and warn against '
'security breaches',
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': 'Data recovered',
'remediation_measures': 'Improved security '
'measures, secured '
'administrator accounts, '
'implemented Multi-Factor '
'Authentication, secured '
'remote access',
'third_party_assistance': None},
'title': 'Data Breach at The Ladies College',
'type': 'Ransomware',
'vulnerability_exploited': 'Weak administrator password, lack of '
'Multi-Factor Authentication, exposed '
'remote access'}}