The U.K. government is facing criticism for allowing betting firms to access the Department for Education (DfE) database, called the Learning Record Service, which contained personal data of 28 million children. The database stores information on students aged 14 years and above, from schools and colleges in England, Wales and North Ireland for academics and education purposes. The exposed information included names, ages, addresses, and personal details.
According to a report published by the Sunday Times, Trustopia, a third-party training provider, apparently violated an agreement with the government and gave the database access to data intelligence company GB Group. It’s said that GB Group and its clients, gambling firms Betfair and 32Red, apparently accessed the data for age and ID verification on their websites.
It’s believed that Betfair and 32Red used this information to increase the ratio of youngsters who gamble online. However, Trustopia denied giving database access to GB Group. The DfE and GB Group have notified the incident to U.K.’s privacy protection body Information Commissioner’s Office.
Many industry experts criticized the Department for Education’s diligence practice and asked for an investigation.
In a related news, Active Network, a provider of web-based school accounting software, disclosed a security breach that affected thousands of students’ data.
According to the official notice, unknown intruders gained access to Active Network’s Blue Bear platform, a software that facilitates administration and management of school accounting, student fees and online stores on behalf of schools and other educational institutions.
Active Network stated that the personal information of students or parents who accessed the school’s Blue Bear software between October 1 and November 13, 2019, were affected in the incident. It’s believed that hackers accessed users’ private data like name, payment card number, expiration date, security code, and Blue Bear account usernames and passwords. However, the company clarified that the incident didn’t affect users’ social security numbers, driver license numbers, or similar government ID card numbers.