Unsecured student details discovered at British Council’s data provider

Unsecured student details discovered at British Council’s data provider

The British Council is one of the world’s leading champions of education and empowering young people to learn English and transform their lives through learning and qualifications. But it seems the organisation and its data provider could learn some lessons of its own when it comes to cybersecurity and protecting its data. 

Cybersecurity software company, Clario, and renowned cybersecurity researcher, Bob Diachenko, found an open and unprotected Microsoft Azure blob repository. This contained 144,000+ files with personal and login details of British Council students, potentially putting them and their personal information at risk. 

The British Council provided the following statement: ‘The British Council takes its responsibilities under the Data Protection Act 2018 and General Data Protection Regulations (GDPR) very seriously. The privacy and security of personal information is paramount.

‘Upon becoming aware of this incident, where the data was held by a third-party supplier, the records in question were immediately secured, and we continue to look into the incident in order to ensure that all necessary measures are and remain in place. 

‘We have reported the incident to the appropriate regulatory authorities and will fully cooperate with any investigation or further actions required’.

Click below to share this article

Browse our latest issue

Intelligent CIO Europe

View Magazine Archive