Cyber Incident Victim: New Skills Academy

New Skills Academy, an online learning provider headquartered in Hertford, United Kingdom, experienced a data breach compromising customer account information, with the incident occurring on or around June 30, 2021. The company notified affected users via email on July 1, 2021, though the total number of impacted individuals remained undetermined at the time of disclosure. Unauthorized parties accessed usernames, email addresses, and encrypted passwords, though the specific hashing algorithm used for password protection was not disclosed in the notification. The breach did not involve exposure of physical addresses or financial data such as credit or debit card details, according to the company's statement. New Skills Academy characterized the incident as an issue potentially affecting "some" customers but provided no technical details regarding the attack vector, duration of unauthorized access, or method of breach discovery.

In response to the breach, New Skills Academy issued direct email notifications advising customers to change their account passwords both on its platform and on any other services where similar credentials might be reused. The company cautioned users to remain alert for potential phishing attempts leveraging the exposed email addresses and usernames. While no specific remediation tools were provided by the organization beyond general password reset instructions, the notification recommended third-party resources such as VirusTotal for scanning suspicious links. The breach exposed fundamental authentication elements but stopped short of compromising more sensitive personally identifiable information or payment data. No information was disclosed regarding forensic investigations, law enforcement involvement, or additional security measures implemented post-breach beyond the customer advisories.