Ladies' College acts swiftly after IT breach
The Office of the Data Protection Authority ordered The Ladies' College to improve its safety measures following a breach
The Ladies' College Guernsey "acted swiftly" after it was ordered to improve its security measures following an IT breach last year.
The Office of the Data Protection Authority said the college was unable to access several of its on-premises servers on 24 June 2024 and an investigation identified unauthorised access had been made to some of its systems.
An investigation carried out by the authority found while the college had systems in place that detected the suspicious authentication activity, it "did not implement appropriate processes to be notified of or monitor such detections".
It found the majority of encrypted information was not personal data and none related to students.
Source: https://www.bbc.com/news/articles/cwyxjzx5w3jo
Past Pupils Association of Buddhist Ladies College, Colombo 7 cybersecurity rating report: https://www.rankiteo.com/company/past-pupils-association-of-buddhist-ladies-college-colombo-7
"id": "PAS1764921820",
"linkid": "past-pupils-association-of-buddhist-ladies-college-colombo-7",
"type": "Breach",
"date": "6/2024",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'customers_affected': None,
'industry': 'Education',
'location': 'Guernsey',
'name': "The Ladies' College Guernsey",
'size': None,
'type': 'Educational Institution'}],
'data_breach': {'data_encryption': 'Yes',
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': 'None',
'sensitivity_of_data': 'Majority not personal '
'data, none related to '
'students',
'type_of_data_compromised': 'Encrypted '
'information'},
'date_detected': '2024-06-24',
'description': "The Ladies' College Guernsey experienced an IT "
'breach where unauthorized access was made to '
'some of its systems. The Office of the Data '
'Protection Authority ordered the college to '
'improve its security measures after the '
'incident.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Encrypted information (majority '
'not personal data, none related '
'to students)',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': None,
'legal_liabilities': None,
'operational_impact': 'Inability to access servers',
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': 'Several on-premises servers'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Completed',
'lessons_learned': 'The college had systems to detect suspicious '
'activity but lacked processes to monitor or '
'be notified of such detections.',
'post_incident_analysis': {'corrective_actions': 'Improve '
'security '
'measures as '
'ordered by the '
'Office of the '
'Data '
'Protection '
'Authority',
'root_causes': 'Lack of processes to '
'monitor or be '
'notified of '
'suspicious '
'authentication '
'activity'},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'recommendations': 'Implement appropriate processes to monitor '
'and be notified of suspicious authentication '
'activity.',
'references': [{'date_accessed': None,
'source': 'BBC News',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': 'Ordered '
'to '
'improve '
'security '
'measures '
'by the '
'Office of '
'the Data '
'Protection '
'Authority'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': None,
'containment_measures': None,
'enhanced_monitoring': 'Ordered to improve security '
'measures',
'incident_response_plan_activated': 'Yes',
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'title': "Ladies' College IT Breach",
'type': 'Unauthorized Access'}