A college has advised students and staff to check their financial data after it fell victim to a cyber attack.

Swindon College said a targeted attack resulted in unauthorised access to the personal data of both present and former staff and students. It said those who may be affected should check their bank accounts to identify any suspicious activity.

The Information Commissioner’s Office and National Crime Agency have been informed.

The further education college said a criminal investigation was ongoing. In a statement, it said it knew there would be cause for concern and said it would contact all individuals affected with more detail “as soon as we are able to do so”.

Our view

Pseudonymisation is a data management and de-identification procedure by which personally identifiable information fields within a data record are replaced by one or more artificial identifiers, or pseudonyms.

80% of data breaches are people problems. Have you minimised the risk? What is your procedure? In many cases businesses or institutions will have separate information so it has to be watertight as to what staff do.

Here’s a small checklist for compliance:

Achieve Customer Consent.
Appoint A Data Protection Officer (DPO) Your data protection officer (DPO) is your point person to ensure GDPR compliance
Perform A Data Protection Impact Assessment (DPIA)
Act immediately on any potential data breaches
Respect people’s right to be forgotten