Skip to content

Ladies' College acts swiftly after IT breach

Zhara SimpsonChannel Islands
News imageBBC A white and green sign held up with two pillars reads THE LADIES' COLLEGE GUERNSEY. Behind it is a car park which looks full and behind that is the college which appears to be three to four storeys and modern in design. BBC
The Office of the Data Protection Authority ordered The Ladies' College to improve its safety measures following a breach

The Ladies' College Guernsey "acted swiftly" after it was ordered to improve its security measures following an IT breach last year.

The Office of the Data Protection Authority said the college was unable to access several of its on-premises servers on 24 June 2024 and an investigation identified unauthorised access had been made to some of its systems.

An investigation carried out by the authority found while the college had systems in place that detected the suspicious authentication activity, it "did not implement appropriate processes to be notified of or monitor such detections".

It found the majority of encrypted information was not personal data and none related to students.

The authority said in a public statement the college also failed to secure an administrator account, used a weak password coupled with a failure to activate Multi-Factor Authentication (MFA) resulting in the account being "vulnerable to a brute force attack".

"Additionally, The Ladies' College failed to appropriately secure remote access to computers within its network, leaving them directly exposed to be accessed using compromised credentials," the authority said.

It found the college was in breach of the Data Protection Law and imposed an order requiring specific actions to improve its security of personal data and its processes.

'Acted swiftly'

Data protection commissioner Brent Homan said he was pleased the college "acted swiftly" to notify its office of the breach, cooperated with the investigation and implemented remedial measures "without delay".

"Effective processes to monitor and warn against security breaches are a key element of any security safeguard system, regardless of the sensitivity of the information held", said Mr Homan.

To date, the authority said there had been no evidence identified of any information being exfiltrated from The Ladies College systems.

"That said, we encourage all organisations to remain vigilant for potential misuses of data," it added.

Follow BBC Guernsey on X and Facebook and Instagram. Send your story ideas to [email protected].

More on this story
More on this story