Cyber Incident Victim: AQA
Date: Mar 2017
Location: United Kingdom
Summary
A major exam board experienced a cyberattack compromising personal data of 64,000 current and former examiners, including names, addresses, phone numbers, passwords, and security question answers. The breach occurred despite security measures, with forensic analysis later confirming unauthorized access after initial assessments suggested no data theft. No financial records, student information, or exam materials were affected. The organization took impacted systems offline immediately upon detection, reset compromised credentials, and notified affected individuals while reporting the incident to relevant regulatory bodies. An investigation by data protection authorities is underway to assess compliance with privacy regulations. The attack disrupted some educational platforms as a precautionary measure, though they were not directly targeted.
Description
On March 21, 2017, the examination board AQA detected malicious cyber activity targeting its online systems and immediately took the affected systems offline to address security vulnerabilities. Initial assessments suggested no data exfiltration had occurred. However, following a detailed forensic investigation concluded on April 6, AQA confirmed attackers had successfully accessed and stolen personal data belonging to 64,000 current and former examiners. The compromised information included names, home addresses, personal phone numbers, security question answers, and passwords used for AQA’s examiner systems. AQA clarified that the breached systems did not contain financial details, student or school records, or examination materials, limiting the scope to examiner credentials and contact data. The e-AQA platform used by schools and colleges was temporarily taken offline as a precautionary measure but was not directly involved in the breach.

AQA initiated password resets for all compromised examiner accounts and directly notified affected individuals about the theft of their personal data. The board reported the incident to Ofqual, the qualifications regulator, and the Information Commissioner’s Office (ICO), which launched an investigation into potential violations of the Data Protection Act. AQA’s chief information officer, David Shaw, publicly acknowledged the breach, emphasizing the organization’s significant but unsuccessful efforts to prevent the attack while apologizing to impacted examiners. The ICO’s inquiry focused on whether AQA had complied with data protection obligations, with potential outcomes ranging from warnings to financial penalties. AQA assured students and parents that summer examinations would proceed unaffected, citing the segregation of exam materials from the compromised systems. The incident highlighted persistent cybersecurity risks within the education sector, following earlier warnings about ransomware and phishing campaigns targeting schools.
