The learning website of an Irish teachers' union has suffered a breach that might have exposed some members' personal information.
On 11 September 2017, the Irish National Teachers' Organization (INTO), one of Ireland's oldest and largest teachers' trade unions, announced a security incident involving unauthorized access of its Learning website. This site is separate from INTO's membership database, which remains unaffected by the breach. INTO believes hackers from overseas carried out the hack to secure a staging ground for sending out spam messages. They therefore targeted a server on which data pertaining to the learning website resided.
As of this writing, the union's learning portal remains offline.
IT Governance reports
that the breach might have compromised the data of up to 30,000 teachers. Those exposed bits of information include names, email addresses, and course information for members who, among other things, used the site to book retirement planning courses, principal seminars, and trade union training. In a limited number of instances, the breach might have also exposed mobile numbers, INTO membership numbers, and Teacher Council registration numbers.
INTO says it's intent on minimizing the risk posed to members by the incident. As quoted in a statement posted to its website
"We have taken down the INTO Learning site as a precaution and are awaiting a full report on the attack from the company that manages the website for us. We are in the process of contacting all affected members directly. When the website is back up and running we will advise members who have such accounts to change their account passwords as a precautionary measure and a matter of best practice."
In the meantime, the teachers' union has notified the Office of the Data Protection Commissioner, is reviewing the security of its learning website, and is seeking to commission a digital security expert in an effort to prevent similar events in the future.
News of this breach follows approximately one year after a BitSight survey found
that the U.S. education sector ranked as the industry most targeted by ransomware attacks.