Ladies' College acts swiftly after IT breach
The Office of the Data Protection Authority ordered The Ladies' College to improve its safety measures following a breach
The Ladies' College Guernsey "acted swiftly" after it was ordered to improve its security measures following an IT breach last year.
The Office of the Data Protection Authority said the college was unable to access several of its on-premises servers on 24 June 2024 and an investigation identified unauthorised access had been made to some of its systems.
An investigation carried out by the authority found while the college had systems in place that detected the suspicious authentication activity, it "did not implement appropriate processes to be notified of or monitor such detections".
It found the majority of encrypted information was not personal data and none related to students.
Source: https://www.bbc.com/news/articles/cwyxjzx5w3jo?at_medium=RSS&at_campaign=rss
Office of the Data Protection Authority cybersecurity rating report: https://www.rankiteo.com/company/odpa
"id": "ODP1764936273",
"linkid": "odpa",
"type": "Breach",
"date": "6/2024",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'customers_affected': None,
'industry': 'Education',
'location': 'Guernsey',
'name': "The Ladies' College Guernsey",
'size': None,
'type': 'Educational Institution'}],
'data_breach': {'data_encryption': 'Yes',
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': 'None '
'related '
'to '
'students',
'sensitivity_of_data': 'Majority not personal '
'data, none related to '
'students',
'type_of_data_compromised': 'Encrypted '
'information'},
'date_detected': '2024-06-24',
'description': "The Ladies' College Guernsey experienced an IT "
'breach where unauthorized access was made to '
'some of its systems. The Office of the Data '
'Protection Authority ordered the college to '
'improve its security measures after the '
'incident.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Encrypted information (majority '
'not personal data, none related '
'to students)',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': None,
'legal_liabilities': None,
'operational_impact': 'Inability to access servers',
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': 'Several on-premises servers'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Completed',
'lessons_learned': 'The college had systems to detect suspicious '
'authentication activity but lacked processes '
'to monitor or be notified of such '
'detections.',
'post_incident_analysis': {'corrective_actions': 'Improvement of '
'security '
'measures',
'root_causes': 'Lack of processes to '
'monitor or be '
'notified of '
'suspicious '
'authentication '
'activity detections'},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'recommendations': 'Improve security measures and implement '
'appropriate processes for monitoring and '
'notification of suspicious activity.',
'references': [{'date_accessed': None,
'source': 'BBC News',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': 'Ordered '
'to '
'improve '
'security '
'measures '
'by the '
'Office of '
'the Data '
'Protection '
'Authority'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': "Ladies' College IT Breach",
'type': 'Unauthorized Access'}